Back to skill

Security audit

Autotask

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Autotask read-only connector skill, with some broad routing language users should understand before installing.

Install this only if you want an agent to query Autotask through your OOMOL-connected account. Keep the Autotask/API permissions limited to the read workflows you need, and require explicit confirmation before using any future write or destructive connector actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description explicitly says to use this skill for ANY Autotask request, which creates a very broad routing rule without limiting the skill to specific read-only tasks, entities, or user intents. In context this is somewhat mitigated because the listed actions are currently read-oriented, but broad delegation can still cause the agent to over-select this skill for requests outside its validated scope or future-expanded capabilities.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.