Route Specialist

Security checks across malware telemetry and agentic risk

Overview

This skill is a prompt-routing helper that uses declared LLM and file-path context for task classification, with no evidence of hidden execution, persistence, or destructive behavior.

Install this if you want an orchestrator helper that routes tasks to specialist prompts and model choices. Keep file_context limited to the intended project, and do not include credentials, customer data, or highly sensitive business details in ambiguous requests unless the configured LLM endpoint is approved for that data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 87% confidence

Finding: The standalone trigger phrase is broad enough to match ordinary user language, which can cause this routing skill to run unexpectedly and intercept tasks outside its intended scope. Because the skill can then select prompts, models, and inspect file context, unintended activation increases the chance of misrouting, unnecessary data exposure, and surprising control-flow in the orchestrator.

Missing User Warnings

Medium, 95% confidence

Finding: The stage-2 classifier forwards the full user task to an external LLM endpoint without any disclosure, minimization, or consent mechanism. If user tasks contain secrets, proprietary code details, credentials, customer data, or regulated information, this creates a real confidentiality and compliance risk even though the call is only for classification.

VirusTotal

67/67 vendors flagged this skill as clean.