Agent Onboarding

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only onboarding skill for group-chat agents that makes disclosed local note and AGENTS.md updates, with no executable code or external data transfer.

Install this only if you want an agent to help maintain group-chat onboarding notes and AGENTS.md. Review proposed edits before accepting them, especially where local memory files may contain private personal or project context, and keep the agent clearly identifiable as an AI participant in shared chats.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence: 94%
Finding
The instruction to participate 'like a real human' encourages anthropomorphic behavior that can undermine transparency about the agent's identity and nature. In a group-chat setting, this can mislead participants, blur accountability, and increase the chance of deceptive interactions or policy violations around disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.
