Security audit

数字员工管理 (Digital Employee Management)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed workspace role-manager that creates role files, reuses role memory, and launches sub-agents for that purpose.

Install this if you want the agent to maintain reusable role memory and delegate work to sub-agents. Review the workspace/agents and workspace/knowledge files periodically, avoid storing secrets there, and use explicit role commands when possible to reduce accidental activation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 89%
Finding: The trigger phrases are broad enough that ordinary conversation such as asking to 'start' or 'manage' a role could unintentionally invoke the skill. Because the skill can create directories, read workspace memory, write files, and spawn sub-agents, accidental activation can lead to unintended file access or state changes without a clearly scoped user action.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill automatically reads multiple memory and knowledge files and later writes updated memory, but the documentation does not clearly warn users that invoking the skill causes persistent workspace access and modification. This reduces informed consent and increases the chance that users expose sensitive project context to sub-agents or unintentionally persist sensitive data in memory files.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: The template defines a very generic trigger phrase for creating a role without any scoping, confirmation, or trusted-invocation constraints. In an agent environment, broad natural-language activation can be triggered unintentionally or by prompt injection, causing unauthorized role generation or workflow changes based on untrusted input.

VirusTotal

61/61 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.