Auto Workflow 1.0.0 (1)

Security checks across malware telemetry and agentic risk

Overview

This skill is an automation helper, but it tells the agent to create and run automations proactively without clear user approval boundaries.

Install only if you want the agent to proactively draft automation ideas. Before allowing any generated script, scheduled job, email sender, file change, or external-service action, require explicit confirmation of scope and side effects, review the code/configuration, test on a small non-production target, and make sure there is a clear way to stop or undo it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill explicitly tells the agent to 'directly do it' and not wait for the user to ask before building automation. In an automation-oriented skill, this creates a real risk of unauthorized actions, script generation, or workflow execution affecting user data, external systems, or communications without informed consent.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger phrases are broad enough that the skill may activate in loosely related contexts whenever a user mentions saving time or repetitive work. Because the skill's behavior includes creating workflows and scripts, unintended invocation can escalate from simple suggestion to unsafe automation behavior.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill frames its output as 'automation workflow + execution script' without any warning about permissions, destructive effects, testing boundaries, or review requirements. That omission is dangerous because users may receive executable automation artifacts affecting systems or data without any built-in safety checkpoint.

Missing User Warnings

High
Confidence: 97%
Finding
The instruction to act without waiting for a user request removes the normal consent boundary for an automation skill. In context, this is especially risky because the skill is designed to generate scripts and workflows, so premature action can lead to unauthorized changes, scheduled tasks, or outbound operations.

Vague Triggers

Medium
Confidence: 91%
Finding
The description 'Builds automation workflows from repetitive tasks' is broad and does not clearly limit when the skill should be invoked. Over-broad routing criteria can cause the agent to activate this skill for ambiguous requests, leading to unintended automation behavior, excessive tool use, or execution in contexts the user did not intend.

Ssd 4

Medium
Confidence: 93%
Finding
The skill normalizes autonomous action by teaching the agent to spot repetition and immediately automate it. Over time this pattern can bypass user authorization expectations and make unsafe, cumulative behavior seem routine, particularly in a skill intended to create executable workflows.

VirusTotal

66/66 vendors flagged this skill as clean.
