Agent Orchestration

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only prompt-template skill for managing sub-agents, with expected local tracking notes and no evidence of hidden execution, credential use, exfiltration, or destructive behavior.

Installing this skill is reasonable if you want prompt templates for managing sub-agents. Before use, set clear write locations, command/install limits, time budgets, and approval rules for destructive or sensitive actions. Do not record secrets, credentials, personal data, or confidential project details in active-agents.md or LEARNINGS.md.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This is a markdown file, so SQP-2 applies to descriptions of behaviors that could affect user data or privacy. The skill directs users to maintain `notes/areas/active-agents.md` and `LEARNINGS.md` with agent tasks, results, and outcomes, but it does not warn that these logs may capture sensitive operational, project, or user-related information.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
| No technical constraints | Agent might use incompatible tools |
| Missing output path | Files end up in wrong place |
| No Ralph mode for complex tasks | Agent gives up too early |
| No verification step | Agent declares done without testing |

---
Confidence
75% confidence
Finding
No verification

VirusTotal

64/64 vendors flagged this skill as clean.
