Morning Meeting Bwm

Security checks across malware telemetry and agentic risk

Overview

The skill matches a workplace standup automation use case, but it gives Slack conversations broad power to trigger recurring storage and cross-agent business actions without clear approval limits.

Install only after setting explicit Slack channel scopes, participant notice, retention rules, and human approval gates. Require confirmation before any task posts externally, changes financial/order data, modifies code or infrastructure, or acts on customer/support content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill describes reading Slack conversations, extracting tasks, delegating work to other agents, executing tasks immediately, and writing summaries and task data to persistent storage, but it does not warn users about these surveillance and action-taking behaviors. This creates a transparency and consent problem: users in the channel may not realize their messages are being processed for automation, persisted, and used to trigger downstream actions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal