agent-orchestration

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent agent-orchestration guidance, but it grants agents broad authority (workspace file writes, local code execution, persistent tracking files, and third-party API calls made with your key) without enough scoping or consent guidance.

Install only if you are comfortable with this skill guiding agents to write tracking notes, create or modify project files, run local code, and send selected prompts to SkillBoss using your API key. Use a least-privilege key, avoid sending confidential repository or customer data, and require human review before file writes outside a designated workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Severity
Medium
Confidence
85%
Finding
The skill instructs the agent to maintain `notes/areas/active-agents.md` and `LEARNINGS.md`, which implies persistent writes to workspace files without any warning, consent boundary, or scope restriction. In agent environments, silent modification of repository or workspace state can surprise users, overwrite existing content, or create unintended disclosure of project details in persistent files.

Missing User Warnings

Severity
Medium
Confidence
95%
Finding
This template explicitly directs an agent to create and modify files, including at user-specified target paths, but does not require any confirmation, scope restriction, or warning before making filesystem changes. In an agent setting, this can enable unintended overwrites, writes to sensitive locations, or persistence of unsafe code/configuration if the prompt variables are influenced by untrusted input.

External Transmission

Severity
Medium
Category
Data Exfiltration
Content
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

def call_llm(messages, prefer="balanced"):
    r = requests.post(
        "https://api.skillboss.co/v1/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json={"type": "chat", "inputs": {"messages": messages}, "prefer": prefer},
Confidence
92%
Finding
Matched string: `requests.post( "https://`

External Transmission

Severity
Medium
Category
Data Exfiltration
Content
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

def call_llm(messages, prefer="balanced"):
    r = requests.post(
        "https://api.skillboss.co/v1/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json={"type": "chat", "inputs": {"messages": messages}, "prefer": prefer},
Confidence
92%
Finding
Matched string: `requests.post( "https://api.skillboss.co/v1/pilot", headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"}, json=`

External Transmission

Severity
Medium
Category
Data Exfiltration
Content
**Prompt portability is a myth.**

Different tasks need different capabilities. With SkillBoss API Hub, you call a single endpoint (`https://api.skillboss.co/v1/pilot`) and use the `prefer` parameter to auto-route to the best available model for your task.

| Task Profile | prefer setting | Best For |
|-------------|---------------|----------|
Confidence
80%
Finding
Matched string: `https://api.skillboss.co/`

External Transmission

Severity
Medium
Category
Data Exfiltration
Content
def call_llm(messages, prefer="balanced"):
    r = requests.post(
        "https://api.skillboss.co/v1/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json={"type": "chat", "inputs": {"messages": messages}, "prefer": prefer},
        timeout=60,
Confidence
92%
Finding
Matched string: `https://api.skillboss.co/`
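The controls the overview asks for (a key that is never stored at module scope, no confidential material in outbound prompts, human review before writes outside a designated workspace) address both the two Missing User Warnings findings and the External Transmission findings above. The following is an added example for this report, not code from the agent-orchestration skill or from SkillBoss. It takes from the excerpts only the endpoint `https://api.skillboss.co/v1/pilot`, the `prefer` field, the request body shape and the `SKILLBOSS_API_KEY` variable; the `SECRET_PATTERNS` denylist, the workspace guard, the `confirm` hook and the sample messages in `demo()` are constructed here.

```python
# Added example for this report, not code from the scanned skill or from SkillBoss.
# From the excerpts above: the endpoint, the `prefer` field, the request body shape
# and the SKILLBOSS_API_KEY variable. Assumed here: SECRET_PATTERNS, the workspace
# guard, the confirm hook and the constructed sample messages in demo().
import json
import os
import re
import tempfile
import urllib.request
from pathlib import Path

ENDPOINT = "https://api.skillboss.co/v1/pilot"

# Hypothetical denylist of material that must not leave the machine inside a prompt.
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),                                         # AWS access key id
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S),
    re.compile(r"(?i)\bbearer\s+[a-z0-9._-]{16,}"),                          # bearer tokens
    re.compile(r"(?i)\b(?:api[_-]?key|secret|token)\s*[=:]\s*\S{16,}"),      # KEY=value pairs
]

def redact(text):
    """Replace every SECRET_PATTERNS match with a fixed placeholder."""
    for pat in SECRET_PATTERNS:
        text = pat.sub("[REDACTED]", text)
    return text

def redact_messages(messages):
    """Copy of a chat message list with each `content` field redacted."""
    return [dict(m, content=redact(str(m.get("content", "")))) for m in messages]

def _http_post(url, headers, body, timeout=60):
    """Default transport: stdlib POST with a timeout, JSON in and JSON out."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def call_llm(messages, prefer="balanced", api_key=None, transport=_http_post):
    """Same contract as the skill's call_llm, but the key is read at call time rather
    than at import, messages are redacted before they leave, and the transport is
    injectable so the path can be exercised without network access."""
    key = api_key or os.environ.get("SKILLBOSS_API_KEY")
    if not key:
        raise RuntimeError("SKILLBOSS_API_KEY is not set; refusing to call out")
    headers = {"Authorization": f"Bearer {key}", "Content-Type": "application/json"}
    body = {"type": "chat", "inputs": {"messages": redact_messages(messages)}, "prefer": prefer}
    return transport(ENDPOINT, headers, body)

def resolve_in_workspace(target, workspace):
    """Resolve `target` (relative paths start at `workspace`) after symlink and '..'
    expansion; raise PermissionError if the result lands outside the workspace."""
    ws = Path(workspace).resolve()
    candidate = Path(target)
    resolved = (candidate if candidate.is_absolute() else ws / candidate).resolve()
    try:
        resolved.relative_to(ws)
    except ValueError:
        raise PermissionError(f"write outside workspace refused: {target}") from None
    return resolved

def write_allowed(target, workspace):
    """Boolean form of the check, for policy tests."""
    try:
        resolve_in_workspace(target, workspace)
        return True
    except PermissionError:
        return False

def guarded_write(target, data, workspace, confirm):
    """Write freely inside the workspace; any other path needs confirm(target) to
    return True (a human prompt in practice), otherwise the write is refused."""
    if write_allowed(target, workspace):
        path = resolve_in_workspace(target, workspace)
    elif confirm(target):
        path = Path(target).resolve()
    else:
        raise PermissionError(f"human review required before writing {target}")
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(data)
    return path

def capture_transport(url, headers, body):
    """Test transport: report what would have been sent instead of sending it."""
    return {"url": url, "auth": headers["Authorization"], "body": body}

def demo():
    """Constructed scenario: the tracking file from finding 1 is written inside a temp
    workspace, a '..' escape is refused because the stub reviewer declines, and a
    prompt carrying an AWS key id is redacted before the (captured) outbound call."""
    ws = tempfile.mkdtemp()
    written = guarded_write("notes/areas/active-agents.md", "# agents\n", ws, confirm=lambda p: False)
    try:
        guarded_write("../../etc/cron.d/job", "# escaped\n", ws, confirm=lambda p: False)
        escaped = True
    except PermissionError:
        escaped = False
    sent = call_llm([{"role": "user", "content": "rotate AKIAABCDEFGHIJKLMNOP then redeploy"}],
                    api_key="test-key", transport=capture_transport)
    return {"written_inside": write_allowed(str(written), ws),
            "escape_blocked": not escaped,
            "key_leaked": "AKIA" in json.dumps(sent["body"])}

if __name__ == "__main__":
    print(demo())
```

The redaction denylist is deliberately narrow and will miss secrets it has no pattern for; it is a backstop, not a substitute for keeping confidential repository or customer data out of the agent's context in the first place. The `confirm` hook is where a real deployment wires in the human review step the overview recommends.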

VirusTotal

VirusTotal findings are pending for this skill version.