Back to skill

Security audit

Agent Comm Protocol

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only agent communication protocol with disclosed local logging and no executable code or hidden data access.

Install only where structured agent coordination is desired. Treat the communication logs as potentially sensitive: avoid putting secrets in messages, restrict file permissions, and define retention or deletion rules for the logged conversations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The usage guidance activates the skill for a very broad condition: essentially any situation involving agent-to-agent communication. Without tighter trigger boundaries, an agent may invoke this protocol in unintended contexts, causing unnecessary message handling, incorrect task routing, or leakage of operational details into communication logs. In this context, the risk is procedural and scope-related rather than directly malicious, but it can still expand the attack surface for prompt misuse or unintended disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.