Subagent Bridge / 子会话传话

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is a transparent subagent-message bridge; its main risk is accidental forwarding if users rely on vague natural-language commands.

Install this only if you want your main agent to coordinate active subagents. Use explicit subagent names, avoid sending sensitive content through broadcast or debate flows, and confirm ambiguous routing requests before allowing messages or histories to be shared across sessions.

SkillSpector (2)

By NVIDIA

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The skill tells users to speak to the main session in broad natural language without requiring an explicit invocation boundary. That creates prompt-trigger ambiguity where ordinary conversation can unintentionally activate bridging behavior, causing the agent to relay messages to subagents or disclose intermediate outputs without clear user intent.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The examples use generic phrases like 'ask', 'tell', and 'let X pass its result to Y' with no constraints, authorization checks, or exclusions. In a conversational system, these phrases are common enough to be triggered by normal dialogue or prompt-injected content, enabling unintended cross-session message routing and data propagation.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal