Security audit

orchestrator-v3

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only orchestration skill with broad routing guidance, but it does not show hidden execution, credential handling, persistence, or destructive behavior.

Install only if you want a general-purpose multi-agent planning router. For sensitive work such as security, deployment, or large refactors, ask it to confirm the selected specialist and plan before acting.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The routing phrases are broad and overlap with common user language, which can cause the orchestrator to activate or delegate to specialists based on ambiguous keywords rather than clear intent. In an agent-routing skill, this increases the risk of misclassification, over-broad delegation, and unintended access to more sensitive workflows such as security, architecture, or deployment-related agents.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The manifest description advertises very broad activation criteria such as smart routing, coordination, QA, and bug detection without defining scope limits. This makes the skill more likely to be invoked in situations it was not designed for, increasing the chance of inappropriate orchestration decisions, unintended tool use, or unnecessary delegation across domains.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.