
Security audit

SZZG007 Multi Agent Orchestrator

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent multi-agent business orchestrator, but it gives agents broad authority over bulk email and customer workflows without clear approval gates or limits.

Review before installing. Use only with trusted agents and channels, require explicit approval before emails or customer-data actions, set recipient and retry limits, define what data each agent may receive, and ensure there is a clear way to stop monitoring and clear retained task history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding
The skill claims that sensitive operations require secondary confirmation, but its documented workflows include direct execution of outbound email tasks without any explicit approval or confirmation checkpoint. In a multi-agent orchestration context, this mismatch can lead to unauthorized bulk email actions, accidental misuse of customer data, or policy-violating outreach being triggered automatically by natural-language prompts.
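The gap described in this finding, and the controls the overview asks for (explicit approval before emails or customer-data actions, recipient and retry limits, a defined data scope per agent, and a way to stop and clear retained task history), can be closed by routing every outbound email through a gate that agents cannot bypass. The block below is an added illustration written for this audit; it is not code from the SZZG007 skill or from SkillSpector. The `send_fn` transport hook, the customer field names and the agent name `outreach` are assumptions made for the example.

```python
"""Approval gate for outbound email in a multi-agent orchestrator.

Added illustration for this audit, not code from the SZZG007 skill. Agents never
touch the mail transport: they submit an EmailTask, a human approver releases it
by single-use token, and the gate enforces the recipient cap, retry limit and
per-agent data scope. send_fn and the field/agent names are assumptions.
"""
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class EmailTask:
    agent: str
    recipients: Tuple[str, ...]
    subject: str
    body: str
    fields_used: FrozenSet[str]  # customer-record fields the agent read to draft it


class PolicyViolation(Exception):
    """Task rejected by policy; nothing was sent."""


class EmailGate:
    def __init__(self, send_fn: Callable[[EmailTask], bool], max_recipients: int = 25,
                 max_attempts: int = 3, agent_scopes: Optional[Dict[str, FrozenSet[str]]] = None):
        self._send = send_fn                          # the only path to the transport
        self.max_recipients, self.max_attempts = max_recipients, max_attempts
        self.agent_scopes = agent_scopes or {}        # agent -> fields it may use
        self._pending: Dict[str, EmailTask] = {}      # approval token -> queued task
        self._attempts: Dict[tuple, int] = {}         # task identity -> send attempts
        self.audit: List[tuple] = []

    def _check_policy(self, task: EmailTask) -> None:
        if not task.recipients:
            raise PolicyViolation("task has no recipients")
        if len(task.recipients) > self.max_recipients:
            raise PolicyViolation(f"{len(task.recipients)} recipients exceeds cap {self.max_recipients}")
        leaked = task.fields_used - self.agent_scopes.get(task.agent, frozenset())
        if leaked:
            raise PolicyViolation(f"agent {task.agent!r} is not scoped for {sorted(leaked)}")

    def request(self, task: EmailTask) -> str:
        """Agent-facing: validate, queue, return an approval token. Never sends."""
        self._check_policy(task)
        token = secrets.token_urlsafe(16)
        self._pending[token] = task
        self.audit.append(("requested", task.agent, token, len(task.recipients)))
        return token

    def approve(self, token: str, approver: str) -> bool:
        """Human-facing release. Tokens are single-use; attempts are capped per task."""
        task = self._pending.pop(token, None)
        if task is None:
            raise PolicyViolation("unknown or already-consumed approval token")
        key = (task.agent, task.subject, task.recipients)
        if self._attempts.get(key, 0) >= self.max_attempts:
            raise PolicyViolation("retry limit reached for this task")
        self._attempts[key] = self._attempts.get(key, 0) + 1
        sent = bool(self._send(task))
        self.audit.append(("sent" if sent else "failed", approver, token, key))
        return sent

    def deny(self, token: str, approver: str) -> bool:
        task = self._pending.pop(token, None)
        self.audit.append(("denied", approver, token))
        return task is not None

    def clear_history(self) -> int:
        """Stop-and-wipe: drop queued tasks, attempt counters and the audit trail."""
        n = len(self.audit) + len(self._pending)
        self._pending.clear(); self._attempts.clear(); self.audit.clear()
        return n


def demo() -> Dict[str, object]:
    """Walks the gate through the cases the finding warns about; returns outcomes."""
    sent: List[EmailTask] = []                        # constructed stand-in transport
    gate = EmailGate(send_fn=lambda t: sent.append(t) or True, max_recipients=2,
                     max_attempts=1, agent_scopes={"outreach": frozenset({"email", "first_name"})})
    ok = EmailTask("outreach", ("a@example.com",), "Renewal", "Hi", frozenset({"email", "first_name"}))
    token = gate.request(ok)
    out = {"sent_before_approval": len(sent), "approved": gate.approve(token, "alice"),
           "sent_after_approval": len(sent)}
    blocked = {
        "replay": lambda: gate.approve(token, "alice"),                      # token reuse
        "bulk": lambda: gate.request(EmailTask("outreach", ("a@x.io", "b@x.io", "c@x.io"),
                                               "Blast", "Hi", frozenset({"email"}))),
        "scope": lambda: gate.request(EmailTask("outreach", ("a@x.io",), "Bill", "Hi",
                                                frozenset({"email", "card_number"}))),
    }
    for name, attempt in blocked.items():
        try:
            attempt(); out[name] = "allowed"
        except PolicyViolation:
            out[name] = "blocked"
    out["cleared"] = gate.clear_history()
    return out
```

Run `demo()` to see the outcomes: nothing is sent until a human calls `approve`, a consumed token cannot be replayed, a task over the recipient cap or using fields outside the agent's scope is rejected before it is ever queued, and `clear_history` gives the operator the stop-and-wipe the overview asks for. The key design point is that `send_fn` is only reachable through `approve`, so a natural-language prompt can at most enqueue a request.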

VirusTotal

37/37 vendors reported this skill as clean. This is a static antivirus verdict on the skill files; it does not assess the missing approval gate reported above.
