Agent Collaboration

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed multi-agent collaboration methodology skill, with no evidence of hidden code, credential access, data exfiltration, or destructive behavior.

Install this if you want a structured workflow for coordinating multiple agents. Before using it on important work, confirm the scope of any delegated or background tasks and be aware that broad collaboration-related phrasing may activate the skill unexpectedly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger phrases are broad enough to match common discussion of collaboration or multi-agent work, which can cause this skill to activate in contexts the user did not intend. Unintended activation can override normal task routing, inject extra workflow instructions, and increase the chance of inappropriate delegation or execution behavior in unrelated conversations.

Natural-Language Policy Violations

Medium
Confidence: 80%
Finding
The skill is written entirely in Chinese and presents its workflow as the default operating mode, which can pressure or implicitly force Chinese-language interaction without checking the user's language preference. This can degrade user understanding of delegated actions and safety-relevant instructions, especially when the skill changes task execution behavior.

VirusTotal

62/62 vendors flagged this skill as clean.
