orchestrator

Security checks across malware telemetry and agentic risk

Overview

This is a visible, instruction-only planning skill for routing work to specialist agents, with no executable code or hidden install behavior.

Install this as a planning aid, not an automatic authority. Review its suggested agent routing before security, deployment, architecture, or large code-change tasks, and do not include secrets in prompts or checkpoint summaries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The routing rules rely on very broad keywords such as "design," "review," "test," and "security," which can cause the orchestrator to invoke powerful specialists based on weak lexical matches rather than clear user intent. In an orchestration skill that can coordinate multiple downstream agents and suggest parallel execution, this increases the chance of over-scoped delegation, unintended actions, and misrouting of sensitive tasks.

Vague Triggers

Medium
Confidence: 89%
Finding
The skill description advertises extremely broad usage categories such as routing, coordination, QA, human-in-the-loop, and checkpoints without narrowly defining when the skill should be invoked. Because this is a top-level orchestrator with authority to select other agents, overly general invocation conditions can cause it to activate in contexts where a narrower specialist would be safer and more appropriate.

VirusTotal

59/59 vendors flagged this skill as clean.
