Complex Task Orchestrator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent task-orchestration skill, with the main caution that it intentionally writes task logs and checkpoints for recovery.

Install only if you are comfortable with persistent task logs and checkpoint files. Avoid letting it record secrets, credentials, access-bearing document tokens, raw private prompts, sensitive file paths, or confidential content, and periodically review or delete generated logs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Ssd 3

Medium

Confidence: 97% confidence
Finding: The skill directs the agent to persist user requirements, key details, parameters, status, and progress to daily notes or work logs before any action. This creates a clear data retention risk because sensitive user content may be stored by default, potentially beyond task necessity, without minimization, consent, access controls, or retention limits.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal