HITL Protocol — Workflows and Human Decisions for Autonomous Agents

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for adding human approval steps to agent workflows, and its sensitive behaviors are disclosed and aligned with that purpose.

Safe to install as a reference skill. If you implement the protocol, send review links only through trusted channels, use HTTPS, do not log sensitive fields or tokens, keep review and submit tokens separate, verify webhook signatures, and minimize callback payloads that may include human decisions or private form data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

66/66 vendors flagged this skill as clean.
