Vibe Coding Mastery

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only AI coding guide with disclosed templates and safety checklists, not an executable or credential-seeking skill.

Safe to install as a guide. Treat its rules-file templates like project configuration: keep them project-specific, do not include secrets or private data, and be careful when copying example git recovery commands because commands like checkout can discard local changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The manifest description is extremely broad and markets the skill as a complete system for building software with AI across many tools and stages. That can cause over-triggering on generic coding requests, pulling this skill into contexts far beyond its intended scope and increasing the chance that users receive risky high-autonomy guidance in inappropriate situations.

VirusTotal

52/52 vendors flagged this skill as clean.

View on VirusTotal