灵枢·Agent体系架构师 (Lingshu · Agent System Architect)

Security checks across malware telemetry and agentic risk

Overview

This is a plain instructional skill for designing agent systems, with broad triggers but no code, install scripts, credential use, persistence, or hidden behavior.

Install only if you want help designing or scaffolding agents. Because the trigger wording is broad, review generated agent definitions carefully and require explicit approval before connecting real data sources, APIs, scheduled jobs, or external action channels.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

High (96% confidence)

Finding
The trigger phrases are extremely broad, such as requests to 'generate an XX Agent' or 'create an XX assistant,' which can match many ordinary user requests and cause this skill to activate unintentionally. Because this skill is a high-authority meta-skill that designs and generates other agents, accidental invocation can override more appropriate skills, expand scope unexpectedly, and increase prompt-routing and policy-bypass risk.

VirusTotal

61/61 vendors flagged this skill as clean.
