Back to skill

Security audit

Together AI

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Together AI connector that uses OOMOL's oo CLI and does not show hidden or unrelated behavior.

Install this if you intend to use Together AI through an OOMOL-connected account. Expect prompts or commands to send your requested inputs to Together AI and potentially incur provider or OOMOL costs; review payloads before approving write-tagged actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description says to use this skill for ANY Together AI request, including reading, creating, and updating data. That broad routing language can cause the agent to invoke the skill in situations where a narrower or safer path would be more appropriate, increasing the chance of unintended external API calls or state-changing operations based on ambiguous user intent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.