Orchata

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Orchata RAG management skill, but it gives agents document and space deletion powers without clear confirmation safeguards.

Review before installing if your Orchata spaces contain important business, legal, customer, or operational documents. Require the agent to restate the exact space or document name and ID and get explicit confirmation before any delete action, and prefer archiving or backups when available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings
Medium severity, 95% confidence

Finding: The skill documents `manage_space` with a `delete` action but provides no guidance to confirm user intent, warn about destructive consequences, or prefer archival over deletion. In an agentic context, exposing deletion as a normal documented workflow increases the chance an assistant will perform irreversible or harmful operations based on ambiguous prompts or prompt injection.

Missing User Warnings
Medium severity, 97% confidence

Finding: The skill explicitly presents `delete_document` as a permanent delete operation without any warning about irreversibility, backup checks, or user confirmation requirements. Because this skill is designed for direct MCP tool use by AI assistants, normalizing immediate permanent deletion makes accidental data loss, malicious prompt-induced deletion, or unauthorized destructive actions more likely.

VirusTotal

55/55 vendors flagged this skill as clean.