Workflow Orchestration Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a workflow planning and validation helper; its file writes are narrow and purpose-aligned, though users should know the validators update the plan file in place.

Install is reasonable for local workflow-plan drafting and validation. Treat the validation scripts as mutating tools: run them on a working copy of plan.json if you need to preserve hashes, signatures, or an original audit artifact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding
The script is presented as a validator, but it also mutates and overwrites the user-supplied plan file in place by adding a validation_report. This creates an integrity risk because running a supposedly read-only check can silently alter input artifacts, break downstream workflows, and destroy original evidence or signed content.

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding
The documentation and function names describe validation behavior only, but the implementation also writes changes back to disk. This mismatch is dangerous because operators, automation, or other tools may trust it as a non-mutating validation step and inadvertently allow unexpected file modification in pipelines.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The script overwrites the input JSON file without explicit user warning or opt-in, despite the CLI description suggesting only schema validation. In workflow orchestration contexts, plan files are likely inputs to other automated stages, so silent in-place modification can corrupt canonical plans, invalidate hashes, or introduce hard-to-trace state changes.

Missing User Warnings

Severity: Medium
Confidence: 76%
Finding
The script overwrites the supplied plan file in place after validation, without requiring explicit user consent or writing to a separate output file. In a workflow-orchestration skill, plan files are important control artifacts; silent mutation can corrupt canonical plans, break downstream signing/hash checks, or cause consumers to trust modified content that now mixes source data with tool-generated state.

VirusTotal

65/65 vendors flagged this skill as clean.