Workflow Dlc Agent Scenario

Security checks across malware telemetry and agentic risk

Overview

This is a product-design workflow skill with limited, disclosed logging guidance and no executable code or hidden high-impact behavior.

Installers should treat the log template as optional workflow documentation and avoid putting secrets, personal data, or sensitive business plans into generated logs. The external lesson-file reference may simply be unavailable depending on install layout; if present, it should be reviewed as local documentation before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly defines writing structured interaction logs that may capture user persona, triggers, scenario details, and context fields, but it provides no warning, minimization guidance, or restrictions on sensitive data. In an agent-design workflow, these logs can easily contain proprietary business plans, operational context, or personal information, creating unnecessary data exposure and retention risk.

VirusTotal

62/62 vendors flagged this skill as clean.
