mention-to-gateway

Security checks across malware telemetry and agentic risk

Overview

This skill is meant for cross-gateway agent messaging, but it lets chat text trigger outbound requests to specified IP addresses without clear trust controls or response provenance.

Install only in an environment where you control the gateways and can enforce trusted destination allowlists, authentication, and user confirmation before forwarding. Users should also keep visible provenance for remote responses instead of making them indistinguishable from local gateway replies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (93% confidence)
Finding
The trigger definition is overly broad and treats any message matching an @deviceid-agentid-ip pattern as authority to initiate a network request to an arbitrary target IP. In this skill's context, that creates a practical SSRF/proxying primitive and makes accidental or unauthorized cross-gateway command forwarding much more likely.

Missing User Warnings

Medium (97% confidence)
Finding
The skill instructs the agent to send requests to a user-specified IP while embedding the current gateway's internal IP and agent identity in the request metadata. That exposes internal network information to remote endpoints and, combined with arbitrary IP targeting, can be abused for internal reconnaissance, lateral movement support, or data exfiltration to attacker-controlled hosts.

VirusTotal

63/63 vendors flagged this skill as clean.