Back to skill

Security audit

multi-agent-coordinator

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only multi-agent planning skill; it is broad, but its delegation behavior is disclosed and no hidden code, credential use, persistence, or install-time behavior was found.

Safe to install as a planning aid. For confidential or high-impact work, review the proposed agent team before any delegation and require explicit approval before downstream agents change files, deploy systems, access accounts, or publish content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description is broad and open-ended, describing general multi-agent coordination capabilities without clear activation boundaries or exclusion criteria. In an agent system, this can cause over-invocation or inappropriate routing of tasks to this skill, increasing the chance of unnecessary delegation, context sprawl, and accidental execution of higher-risk workflows.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The purpose statement claims authority to coordinate multiple specialized agents for complex tasks but does not define safety limits, approval gates, or situations where coordination should be avoided. In a multi-agent environment, this can expand operational scope beyond intended use and amplify mistakes across several downstream agents.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.