Back to skill

Security audit

DevOps Engine

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only DevOps guide with templates and no hidden code, install-time execution, persistence, or data exfiltration behavior.

This skill is reasonable to install as a DevOps reference skill, but treat generated CI, Terraform, Kubernetes, and deployment changes as production-impacting work. Review plans before applying, use test branches or staging environments first, and provide only least-privilege temporary credentials when needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill exposes very broad natural-language trigger phrases such as common DevOps requests without defining clear invocation boundaries or guardrails. In agent environments, this can cause unintended activation on ordinary conversation, leading the skill to take over workflows or influence tool-using behavior in contexts the user did not explicitly intend.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal