Researching In Parallel

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed parallel-research workflow that writes reports and supporting files into a user-selected workspace, with no evidence of hidden, destructive, or unrelated behavior.

Install only if you are comfortable with multiple sub-agents doing web research and writing files in a workspace. Use a new empty workspace as instructed, provide only sources you want the agents to read, and independently verify important citations before relying on the final report.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The prompt explicitly instructs the sub-agent to write the completed report to a filesystem path, which is a state-changing action. Because the skill description does not indicate any user-facing confirmation or warning before modifying files, a user may trigger unintended overwrites or silent document changes, especially in an iterative workflow where existing reports are being updated in place or used as inputs to later runs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal