Team Code

Security checks across malware telemetry and agentic risk

Overview

This skill is instruction-only and aligned with multi-agent coding, but it normalizes broad repository-changing workflows with weak guardrails.

Install only if you are comfortable letting agents coordinate repository-wide coding work. Before using it, require explicit user confirmation before spawning subagents, pushing, hard-resetting, or deleting worktrees; verify each subagent is actually confined to its intended worktree; and keep backups or clean git status before following the destructive examples.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence: 79%
Finding
The example claims agent worktrees provide physical isolation, but elsewhere the same document instructs operators to synchronize a workspace using destructive state replacement. In a multi-agent coding workflow, this can invalidate the isolation guarantee, discard unmerged work, and cause agents to operate on overwritten state, which is dangerous because the examples normalize unsafe repository management practices.

VirusTotal

64/64 vendors flagged this skill as clean.