Security audit

Agent Org Manager

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only multi-agent organization template whose file writes, cron jobs, and inter-agent messages are disclosed and aligned with its stated purpose, but users should enable the automation deliberately.

Install only if you want a template for managing multiple scheduled agent roles. Before enabling cron templates, confirm the timezone, output paths, recipients, data allowed in reports, and how to disable or clean up recurring jobs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Severity: Medium
Confidence: 94%
Finding:
The trigger phrases ('agent team', 'agent organization', 'agent roster') are broad enough to activate in normal planning or discussion contexts, which can unexpectedly invoke a skill that creates organizational structures, schedules, and communication workflows. In this skill, accidental activation is more dangerous because the instructions immediately lead to persistent workspace modifications and multi-agent orchestration behavior.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
This section instructs the agent to create files and communication artifacts in the workspace without warning the user that persistent changes will be made. That is risky because it can silently modify project state, create misleading organizational files, and establish message/alert channels that other agents or automations may later trust.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The learning workflow directs departments to 'Search 1-2 trends' and write results to dated files, but provides no privacy, provenance, or data-handling constraints. In practice, this can cause unsanctioned external queries, leakage of sensitive context to outside services, and accumulation of unreviewed external content in the workspace.

Natural-Language Policy Violations

Severity: Medium
Confidence: 82%
Finding:
Hard-coding 'Asia/Shanghai' is primarily a safety and operational integrity issue rather than a direct exploit primitive, but it can cause jobs to run at unexpected times relative to the user’s environment. In this skill, mistimed scheduled tasks matter because they may trigger autonomous searches and file writes when the user does not expect them.

Vague Triggers

Severity: Medium
Confidence: 77%
Finding:
The daily report template instructs an agent to summarize work and send it to another session without defining content boundaries. In an agent-organization context, this can cause over-sharing of sensitive internal context, credentials, customer data, or unrelated session content through routine automated reporting.

Missing User Warnings

Severity: Medium
Confidence: 81%
Finding:
Automatically sending reports via sessions_send creates an internal data-transfer channel without any warning or restrictions on payload content. In a multi-agent setup, this increases the risk of unintended propagation of confidential information across sessions and weakens containment assumptions around isolated runs.

VirusTotal

61/61 vendors flagged this skill as clean.