Agentic Workflow Automation Hardened

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local workflow-blueprint generator with a dry-run bug users should know about, but no evidence of hidden access, exfiltration, or unsafe automatic execution.

Before installing, treat the bundled script as a local file generator. Do not rely on its --dry-run option to avoid filesystem writes, and avoid pointing --output at sensitive or existing files unless you intend to overwrite them. Review generated workflows before using them in any real automation platform.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The script documents --dry-run as 'Run without side effects' but still writes the output artifact unconditionally via render(result, Path(args.output), args.format). In automation contexts, operators and upstream agents may rely on dry-run semantics for safe preview behavior, so this mismatch can cause unintended file creation or overwrite and weaken safety controls around workflow generation.

Vague Triggers

Medium
Confidence: 82%
Finding
The guide defines a `trigger` input field but provides no scope, validation rules, examples, or allowed values. In an agentic workflow skill, ambiguous trigger semantics can cause workflows to activate too broadly or under unintended conditions, increasing the risk of unauthorized automation, accidental execution, or unsafe chaining with downstream actions.

VirusTotal

67/67 vendors flagged this skill as clean.
