Back to skill

Security audit

Triangulate

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent multi-agent decision tool, but it asks to auto-run broad orchestration workflows that can spawn sessions without explicit per-use confirmation.

Install only if you want a broad decision-analysis skill that may delegate work to multiple agent sessions. For security, crawling, reverse engineering, or penetration-testing use, keep tasks explicitly authorized and scoped. Consider requiring manual invocation or confirmation before allowing it to spawn sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill is presented as a general decision-analysis engine, but its bundled domain templates explicitly include web crawling, penetration testing, and reverse engineering. That materially broadens the skill into dual-use/high-risk areas without corresponding scope restrictions, authorization checks, or safety gates, making it easier to repurpose a benign orchestration skill for harmful operational guidance.

Vague Triggers

High
Confidence
95% confidence
Finding
The auto-activation rules are broad enough to trigger on many ordinary analytical requests, causing the skill to take over workflows unexpectedly. Because this skill can spawn isolated sessions and orchestrate multi-agent execution, overbroad activation increases the chance of unintended tool use, unnecessary delegation, and expansion of task scope without clear user consent.

Vague Triggers

Medium
Confidence
92% confidence
Finding
Fallback trigger phrases such as generic requests for help deciding or analyzing from multiple angles are too vague and overlap with normal conversation. This can cause accidental invocation of a powerful orchestration skill in contexts where the user did not intend multi-agent processing, increasing the risk of excess computation, unintended external skill dispatch, and confusing behavior.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.