Multi Agent Roles

Security checks across malware telemetry and agentic risk

Overview

This is a descriptive multi-agent role template skill with no executable install steps, credential use, or hidden system access.

Safe to install as a reference/template skill. Before turning its examples into a real multi-agent system, define narrow routing rules, human approval for sensitive domains, and explicit limits on what data each agent may receive or share.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (91% confidence)
Finding
The binding routes the strategist agent on any direct message without additional topic or authorization constraints, creating an overly broad activation surface. In a multi-agent system, this can cause unintended invocation, misrouting of sensitive requests, and overexposure of a high-privilege planning role to arbitrary inputs.

Vague Triggers

Medium (88% confidence)
Finding
The example bindings use generic keywords like content, design, report, test, and bug with no contextual qualifiers, so normal conversation can accidentally trigger specialized agents. This ambiguity can lead to prompt routing errors, unintended data exposure between agent workspaces, and unreliable system behavior when users mention common terms outside the intended workflow.

VirusTotal

66/66 vendors flagged this skill as clean.