Orchestration V1

Security checks across malware telemetry and agentic risk

Overview

This is mostly a team coordination guide, but it needs review because it includes under-scoped instructions for sending messages in an external chat and taking a post-send snapshot.

Install only if you need multi-agent workflow guidance and can tightly control or remove the Justin/Physical Strike section. Before any external message is sent, require human confirmation of the exact recipient/chat, exact message content, authorization to send, and how any snapshot will be stored or deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
This skill defines a real-world chat/message sending workflow via a sole physical executor and includes operational checks, but it does not present a clear user-facing warning that message delivery is irreversible and may be sent to the wrong recipient if the target context is misidentified. In this skill context, that omission is more dangerous because the playbook operationalizes multi-agent handoffs into physical messaging actions, increasing the chance that automation or operator momentum leads to privacy breaches, misdelivery, or unauthorized communication.

VirusTotal

66/66 vendors flagged this skill as clean.
