Agent Swarm Workflow

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed multi-agent coding workflow, but it tells agents to autonomously edit, commit, and push project changes without clear human approval or branch safeguards.

Install only if you intentionally want a supervised multi-agent coding workflow. Run it on a dedicated branch or worktree, use trusted Agent Mail/NTM/BV tooling, keep secrets out of project instructions and mail messages, and require a human review before any commit or push.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium (97% confidence)

Finding
The skill explicitly instructs agents to "commit all changed files" and then "push" to the remote repository, but it does not require an explicit user confirmation, branch restriction, dry-run, or safety check before modifying a shared remote state. In an autonomous multi-agent workflow, this increases the risk of unintended code publication, overwriting collaborative work, or pushing sensitive or low-quality changes directly to a remote repository.

VirusTotal

64/64 vendors flagged this skill as clean.
