Work Productivity Multi Search Workflow Helper

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only search workflow helper with some sloppy activation wording, but no hidden code, persistence, credential handling, or destructive behavior was found.

Install only if you want an agent to help structure multi-source searches and evidence summaries. Be aware that its broad trigger wording may activate it for loosely related search or bug-fix requests, so review the agent's plan before allowing broad external searches involving private or sensitive context.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (10)

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The skill metadata promises concrete multi-source search coordination, query expansion, source diversity, deduplication, and evidence handling, but the body describes a generic 'validated demand' helper instead. This mismatch can cause the agent to invoke the skill in contexts where users expect search behavior, leading to unreliable execution, incorrect delegation, and unsafe assumptions about what the skill actually does.

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The workflow and expected outputs never implement the search-specific capabilities advertised in the manifest, such as coordinating multiple search engines, repositories, or evidence comparison. In an agent system, this kind of semantic mismatch is dangerous because orchestration may route sensitive or important research tasks to a skill that cannot perform them, degrading integrity of results and potentially bypassing intended review steps.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger phrases are broad, awkwardly phrased, and likely to match loosely related user requests, which can cause unintended skill activation. In an agentic workflow, this can redirect tasks into an unsuitable search workflow, leading to incorrect tool use, noisy retrieval, or bypass of more appropriate skills.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger phrases are broad, repetitive, and loosely scoped, which can cause the skill to activate for unrelated requests that merely mention generic workflow or bug-fixing language. In an agent environment, overbroad activation can steer user tasks into unintended web/repository search behavior, increasing the chance of misrouting, noisy results, or inappropriate tool use.

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The trigger keywords include extremely broad terms such as 'multi', 'search', 'engine', and 'global', which are likely to overlap with many ordinary requests. Overbroad triggers can cause accidental activation, pulling the conversation into the wrong workflow and increasing the chance of misapplied automation or irrelevant instructions.

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The enablement condition in the description is broad and poorly bounded, indicating the skill should be used whenever users mention a wide category of productivity or loosely related terms. In context, this increases the likelihood of inappropriate skill selection and makes the already-misaligned functionality more dangerous because it can intercept requests outside its true competence.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The default prompt and description are broad enough that the orchestrator may invoke this skill for many loosely related search or synthesis requests. That can cause unintended activation, leading the agent to pull in external web/repository content unnecessarily and potentially expose user queries or context to more tools and sources than intended.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: Enabling implicit invocation without clear constraints allows the platform to auto-select this skill based on vague similarity rather than deliberate user intent. In a search-capable skill, that increases the risk of unnecessary external lookups, broader data exposure, and workflow execution that the user did not clearly request.

Vague Triggers

High

Confidence: 95% confidence
Finding: An overly broad everyday trigger phrase can cause the skill to activate in many unrelated contexts, effectively acting as prompt-scope hijacking inside a larger agent system. In a workflow skill that can steer research, artifacts, or decision support, accidental invocation may override more appropriate tools, mis-handle user intent, and widen the attack surface for indirect prompt injection through irrelevant tasks.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: Ambiguous trigger scope without clear activation constraints makes the skill easier to invoke unintentionally and harder for the orchestrator to route safely. In this skill context, that is more dangerous because the skill claims broad coordination behavior across web, forums, docs, code hosts, and registries, so loose activation can lead to inappropriate tool selection, noisy searches, or propagation of unvetted evidence into downstream outputs.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal