Back to skill

Security audit

Lambda Lang

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed parser and reference for a compact agent-to-agent language, with transparency considerations but no hidden system access or unsafe behavior found.

Reasonable to install for Lambda language parsing and reference use. Keep user-facing output in normal language unless Lambda is requested, log or translate Lambda messages before acting on them, and only accept external vocabularies or Pilot Protocol messages from trusted, reviewed sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Natural-Language Policy Violations

Medium
Confidence
86% confidence
Finding
The skill explicitly frames Lambda as a native agent-only language and encourages agent-to-agent communication in a compact, machine-native form without any mention of user consent, transparency, or fallback to human-readable output. This can enable opaque inter-agent exchanges, make monitoring difficult, and increase the risk of hidden instruction passing or policy evasion in environments where users expect inspectable behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.