Back to skill

Security audit

Pilot Priority Queue

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow Pilot Protocol helper for prioritized messaging, with one practical caution around a manual inbox-clearing command.

Install only if you already use and trust the Pilot Protocol tooling. Treat `pilotctl --json inbox --clear` as destructive: review, process, or archive inbox contents before running it, and avoid putting that command into unattended workflows unless message loss is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documents `pilotctl --json inbox --clear`, which irreversibly deletes queued messages, but it does not include an explicit warning, confirmation step, or guidance to back up or review messages before clearing. In an agent skill context, operators may copy commands directly or automation may adopt them verbatim, increasing the chance of accidental message loss and disruption of priority communications.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.