Sub Agent Factory
Security checks across malware telemetry and agentic risk
Overview
This is a coherent local sub-agent generator, but its helper script can write agent files outside the intended folder if run with a crafted agent name.
Review before installing if you plan to run the helper script. Use only simple agent names with letters, numbers, hyphens, or underscores; avoid slashes and '..'. Treat role text and inbox contents as trusted instructions, and check that the target SKILL.md path is the one you intended before provisioning an agent.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.