Git Engineering & Repository Strategy

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Git workflow guide. Its Git commands are relevant to that purpose but potentially powerful, so users should review them before applying.

Safe to install as an instruction-only Git strategy skill. Before using generated commands on an important repository, especially history rewriting, force pushes, global Git config, hooks, or branch protection changes, confirm the target repo and branch and make sure the team agrees with the workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 89%
Finding
The skill exposes broad trigger phrases such as 'Fix git problem' and 'Set up git for our project' that can match many ordinary user requests, making invocation scope ambiguous. In an agent environment, over-broad routing can cause this skill to activate in contexts the user did not intend, potentially leading to unsafe git guidance or repository-affecting actions being suggested without sufficient scoping.

VirusTotal

66/66 vendors flagged this skill as clean.
