
Security audit

Agent Task Queue

Security checks across malware telemetry and agentic risk

Overview

This is a coherent task-queue skill, with the main caution that task results and error messages can be stored in queue logs/state.

Reasonable to install for task orchestration. Treat queue storage as sensitive operational data: do not place secrets, tokens, private prompts, or PII in task payloads/results/errors unless you control retention and access to the in-memory, SQLite, or Redis backend.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium, 91% confidence

Finding: The queue logs the full task result object on completion, which can persist secrets, tokens, PII, model outputs, or other sensitive payload data into storage with no redaction or opt-in control. In a multi-agent task queue, results often aggregate upstream inputs and downstream outputs, so centralized logging materially increases exposure through log access, retention, backups, and debugging tools.

Missing User Warnings

Medium, 93% confidence

Finding: The failure path stores the raw error message in both task state and logs, which can expose sensitive internals such as credentials in exception text, stack-derived details, endpoint URLs, prompts, or customer data that triggered the error. In this task-queue context, failures are likely to be frequent and broadly observable during operations, making accidental sensitive-data persistence more likely.

VirusTotal

66/66 vendors flagged this skill as clean.
