Multi-Agent Team

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable Chinese workflow template for coordinating multiple AI roles, with no evidence of hidden commands, credential access, persistence, or data exfiltration.

Install this if you want a Chinese-language template for delegating work across AI roles. Be aware that generic collaboration phrases may trigger it in broad situations, so review task assignments before acting on them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrases listed for this skill are very broad, generic terms such as '团队协作', '多人配合', and '分工', which are likely to appear in many unrelated user requests. This can cause the skill to activate unintentionally, steering conversations into a multi-agent workflow the user did not request and increasing the chance of prompt hijacking, misrouting, or inappropriate delegation behavior.

Natural-Language Policy Violations

Medium

Confidence: 85% confidence
Finding: The skill content is written entirely in Chinese and does not provide a language-selection or fallback mechanism, which may cause the agent to force Chinese-language interaction regardless of the user's preferred language. While not directly a code-execution risk, this can degrade security-relevant comprehension, lead to user misunderstanding of delegated actions, and reduce transparency in multi-agent workflows.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal