Call Claude Sonnet 4 Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple brainstorming-role prompt with vague naming but no code, credentials, file access, or persistence.

Install if you want a creative brainstorming role prompt. Keep the meeting minutes curated and avoid putting secrets or untrusted instructions in them, since the skill tells the agent to rely heavily on those notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 91%
Finding
The skill metadata and overview are so broad and self-referential ('AI agent for call claude sonnet 4 agent tasks') that they provide no meaningful trigger boundaries or task scoping. In an agent ecosystem, this can cause the skill to be invoked inappropriately across many contexts, increasing the chance that unrelated conversations inherit the embedded behavioral instructions and creating prompt-scope confusion or unintended authority transfer.

VirusTotal

66/66 vendors flagged this skill as clean.
