Security audit

Multi-Agent Collaboration Communication

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent multi-agent system design guide with local helper scripts and no evidence of hidden, destructive, or exfiltrating behavior.

Reasonable to install for multi-agent design work. Before running the scripts, review input and output paths, avoid putting real secrets in placeholder auth fields, and treat the broad capability tags as over-inclusive rather than as behavior shown in the artifacts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The example message schema and output explicitly include identifiable author metadata such as an email address and commit attribution, but provide no privacy notice, minimization guidance, or retention/access controls. In a multi-agent system, this increases unnecessary propagation of personal data across components and logs, raising privacy, compliance, and insider-exposure risks if the data is stored, forwarded, or leaked.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.