Security audit

Cross Agent Chat

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill transparently enables cross-agent messaging, but users should be careful not to send sensitive information to other sessions.

Install only if you want your agent to find reachable sessions and send messages to other agents or channels. Before use, verify the recipient and avoid sending secrets, credentials, private user data, internal prompts, or unrelated conversation context unless that transfer is intentional and authorized.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: This skill explicitly instructs agents to message other sessions and agents, but it does not warn that the message body may contain user data, internal context, credentials, or other sensitive system information that would be disclosed to a different recipient. Because the whole purpose of the skill is cross-agent communication, the absence of data-classification, minimization, and consent guidance materially increases the risk of unintended data exfiltration or privacy breaches.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.