Agentic Services Orchestrator Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local workflow router and document renderer, with one review note about its broad default workflow selection.

Before installing, be aware that omitted workflow_type values will route through the CompleteTech services workflow by default. For non-services work, set workflow_type explicitly and keep approval evidence current before any external send, invoice, public proof, launch, or other high-impact action.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The adapter is configured to load when `workflow_type is completetech_services or unspecified`, which creates a broad default activation path. In an orchestration system, treating unspecified requests as this workflow can misroute unrelated tasks, apply the wrong approval/gating model, and cause downstream actions to occur under incorrect assumptions about scope, authority, or required reviews.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal