Agency Agents 1.0.2

Security checks across malware telemetry and agentic risk

Overview

This is mostly a text-only agent bundle, but it overstates what is included, and its broad autonomous workflow saves outputs locally without enough user controls.

Review before installing. Treat this as an unfinished prompt/persona pack rather than a complete 61-agent suite, verify the source before using placeholder manual-install instructions, keep human approval before any file changes, deployment, public posting, or business decision, and avoid entering secrets or regulated/confidential data unless you are comfortable with outputs being saved locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation states that agent outputs are automatically saved to a workspace path, but it does not warn users that prompts and outputs may contain sensitive business, personal, credential, or proprietary data. In an agent skill that encourages broad use across product, marketing, analytics, and engineering tasks, silent persistence increases the risk of unintended data retention, local disclosure, and compliance/privacy issues.

VirusTotal

66/66 vendors flagged this skill as clean.
