Subagent Dev
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed development workflow skill that delegates coding tasks to subagents and may create commits, but that behavior fits its stated purpose.
Install this only if you want an agent to coordinate coding subagents on your repository. Use it on the intended branch, review generated commits, and avoid putting unrelated secrets or private context into plans passed to subagents.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.