Back to skill

Security audit

Competitive Agent Loop

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed multi-agent coding workflow, but it broadly auto-activates for development tasks and explicitly prefers a no-audit model for unrestricted judgment.

Install only if you intentionally want a multi-agent coding workflow that can spawn child sessions, persist task state, consume local model/GPU resources, and modify code through iterative implementation. Review or edit the trigger conditions and remove the no-audit model preference before routine use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger condition is broad enough to auto-activate this skill for ordinary development tasks, which can cause unintended orchestration, spawning of multiple agents, and application of this workflow without explicit user intent. In a skill that can schedule child agents and iterate automatically, overbroad activation increases the chance of unwanted actions, resource use, and scope expansion.

Ssd 1

High
Confidence
97% confidence
Finding
The skill explicitly justifies using a 'No-audit version' because it enables unrestricted judgment, which is a direct red flag that safety or oversight constraints are being intentionally bypassed. In the context of a coding/orchestration skill that can plan, generate, and verify changes, this makes harmful or policy-evading behavior more likely and undermines trust in the agent's decision process.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.