Django Production Engineering

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Django production guidance skill with no hidden code, persistence, or data collection, though users should review any project changes an agent proposes from it.

Install only if you want an agent to advise on Django production work. Before allowing actions, confirm the target project and manually review generated migrations, authentication changes, CI/CD files, Dockerfiles, deployment commands, and any commands that touch a real database or production environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 96% confidence
Finding: The skill defines very broad natural-language triggers such as 'Review this Django project' and 'Deploy this Django app' without any scoping, confirmation, or safety boundaries. In an agent setting, this can cause accidental invocation during ordinary conversation and may lead the agent to take expansive actions or generate high-impact operational guidance without explicit user intent verification.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal