Workflow Execution

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only workflow skill that tells agents how to plan, track, hand off, and verify work; its tracker updates and agent spawning are disclosed and aligned with that purpose.

Install this if you want agents to use issues or local plan files as durable workflow records. Before use, verify the target company/project/repo/issue IDs, avoid putting secrets into plan/design/context documents or comments, and use revision checks when updating existing Paperclip documents to avoid overwriting prior workflow context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 84%
Finding
The document attachment guidance explicitly reuses the same endpoint and keys for plan/design/context documents, and it notes revision protection only when updating an existing document. Without a stronger warning that these writes can replace existing workflow documents, an executing agent could overwrite authoritative planning or context artifacts, causing loss of instructions, confusion, or workflow sabotage in a multi-agent/team setting.

VirusTotal

65/65 vendors flagged this skill as clean.
