teambitionweng

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward TeamBition task integration that can create or read tasks using configured TeamBition credentials, with no hidden behavior found.

Install only if you want an agent to have TeamBition task read/write capability. Use least-privilege credentials, configure a narrow default project, keep secrets in the platform’s secret storage rather than prompts or logs, and require user confirmation in your agent workflow before task creation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill performs a state-changing external action by creating a task in a third-party service immediately when invoked, without any confirmation, preview, or authorization check tied to the user request. In an agent setting, this can cause unintended writes, spam, or abuse of the connected Teambition workspace if the skill is triggered with untrusted parameters.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal