Using Agent Skills Router

Security checks across malware telemetry and agentic risk

Overview

This is a text-only routing helper that guides an agent in choosing an appropriate skill and does not request credentials, execute code, or persist anything.

Safe to install as a lightweight routing aid. It may influence which other skill an agent chooses, so review any later skill or command before allowing sensitive, destructive, production, financial, or credential-related work.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: - Do not turn small fixes into a full spec-plan-build-review cycle. - Do not load long reference files just to decide whether a skill applies. - Do not role-play multiple agents when the runtime cannot actually isolate their work. - Do not ask the user which skill to use when local context makes the choice clear.
Confidence: 80% confidence
Finding: Do not ask the user

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal