OpenAI Symphony

Security checks across malware telemetry and agentic risk

Overview

OpenAI Symphony is a transparent but high-privilege orchestration skill for trusted Linear, Git, and Codex workflows, with its main risks disclosed and scoped by setup guidance.

Install only for trusted Linear projects and repositories. Before enabling unattended runs, confirm the repository, workspace root, tracker project, and terminal states; use least-privilege tokens; review or pin clone targets and setup commands; keep `approval_policy` on-request or stricter during rollout; and keep secrets out of `~/symphony/` memory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence: 89%
Finding
The workflow automatically executes `git clone --depth 1 "$SOURCE_REPO_URL" .` in an `after_create` hook, which causes code from a dynamically supplied repository URL to be fetched into the agent workspace without any explicit warning, validation, or trust boundary description. In this skill's context, that repository content is then likely to influence subsequent autonomous agent actions, increasing supply-chain and prompt/context injection risk if the source URL is attacker-controlled or unexpected.

VirusTotal

63/63 vendors flagged this skill as clean.
