Back to skill

Security audit

Multi Agent Orchestrator

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for planning multi-agent workflows, with disclosed coordination patterns and no hidden executable behavior found.

Install this if you want templates for coordinating multiple agents. Before using it operationally, decide which agents can access each shared directory, require human approval for sensitive actions such as deployments, publishing, finance, or account changes, and track any heartbeat or cron jobs you create.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The description and trigger list are very broad, including generic phrases like multi-agent, agent team, agent roles, and task delegation to agents. This can cause the skill to activate in contexts where the user did not ask for orchestration guidance, increasing the chance of irrelevant instruction injection into unrelated workflows and accidental overreach by the agent.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.