Auto Workflow

Security checks across malware telemetry and agentic risk

Overview

This automation skill is not clearly malicious, but it tells agents to act proactively in a high-impact script/email/scheduling context without clear approval gates.

Install only if you are comfortable with an agent suggesting or creating automations. Before use, require explicit confirmation before any script is executed, any scheduled job is created, any email/message is sent, or any credentials or private files are used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium, 95% confidence
Finding
The skill explicitly instructs the agent to 'directly do it, without waiting for the user to ask,' which encourages autonomous action beyond the declared trigger conditions. In an automation-building skill, this can cause the agent to generate or initiate scripts, emails, or workflow changes without clear user authorization, increasing the risk of unintended side effects and overreach.

Vague Triggers

Medium, 84% confidence
Finding
The trigger phrases are broad enough to match common conversation such as wanting to 'save time' or 'reduce manual work,' which can invoke the skill in contexts where automation was not actually requested. That increases the chance the agent shifts into workflow-building behavior unexpectedly and starts suggesting or preparing impactful actions prematurely.

Missing User Warnings

Medium, 91% confidence
Finding
The skill frames the output as 'automation workflow + execution script' and includes examples involving scheduled execution and automatic email sending, but it does not require safety checks, scope limits, or user warnings. In this context, missing guardrails are dangerous because generated automation can access data, affect external systems, and perform recurring actions at scale once deployed.

Vague Triggers

Medium, 88% confidence
Finding
The manifest description is generic enough that the skill could activate for a wide range of loosely related user requests, increasing the chance of inappropriate invocation. Over-broad activation can cause unintended workflow generation in contexts where automation is unsafe, privacy-sensitive, or outside the user's actual intent.

VirusTotal

64/64 vendors flagged this skill as clean.
