Back to skill

Security audit

Auto Create AI Team

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be an offline local documentation generator that creates AI-team files in a chosen project folder, with no evidence of hidden network access or credential use.

Install only if you want a local script that creates or updates an ai-team documentation folder in a project you choose. Review WORKFLOW.md before relying on it, especially the data-sharing and automation language, and avoid running it on a project where overwriting existing ai-team template files would be a problem.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The template explicitly includes bidirectional sharing of user and product data between teams, but it provides no accompanying privacy notice, consent boundary, minimization rule, or handling restriction. In a reusable workflow template, this can normalize broad internal data movement and lead downstream users to process personal or sensitive data without transparency, least-privilege controls, or compliance review.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.