Back to skill

Security audit

Workflow Orchestration

Security checks across malware telemetry and agentic risk

Overview

This is a small workflow orchestration library whose persistence and state-loading features are disclosed and aligned with its purpose.

Installers should treat saved workflow files as project data: store them only in approved locations, avoid putting secrets in workflow context or artifacts, and only load instance data from trusted sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Low
Confidence
79% confidence
Finding
The skill advertises persistence to JSON/YAML but provides no warning that workflow state may be written to disk or serialized, which can expose sensitive project context, task metadata, or exception details if users assume execution is memory-only. In a workflow orchestration context, persisted state can accumulate operational data and become a privacy or confidentiality risk, especially in shared environments.

Missing User Warnings

Low
Confidence
78% confidence
Finding
`load_instance` accepts arbitrary dict data and reconstructs a `WorkflowInstance` with no visible validation, integrity check, or authorization guard. If untrusted input reaches this API, an attacker could forge workflow state such as IDs, status, current phase, context, or artifacts, potentially bypassing workflow gates, corrupting state, or resuming privileged flows in an unintended state.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.