Security audit

project-guide

Security checks across malware telemetry and agentic risk

Overview

This appears to be a project-requirements helper, but its activation condition is broad enough to fire on ordinary project-related conversation, and once active it persistently writes project documents without clear user confirmation.

Install only if you want an agent to run a structured requirements workflow. Before use, require it to ask before entering the workflow and to show a preview of any change to main.md or requirements.md before anything is written to disk.

SkillSpector (by NVIDIA)
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers (Medium severity, 90% confidence)

Finding:
The activation condition in the frontmatter is broad enough to match many ordinary project-related conversations, which can cause the skill to trigger when the user did not explicitly ask for guided requirements collection. Mis-triggering can steer conversations into unintended file-generation workflows and increase the chance of collecting or writing information the user did not request.

Vague Triggers (Medium severity, 93% confidence)

Finding:
The trigger examples include vague phrases like wanting to start a project or mentioning a system idea, but they do not define boundaries or exclusions. In practice this can overmatch casual brainstorming and route users into a structured workflow that may generate artifacts or influence later automated development steps without sufficiently clear consent.

Missing User Warnings (Medium severity, 96% confidence)

Finding:
The skill states that it will generate or update files like main.md and requirements.md, but it does not clearly disclose to the user that workspace files may be modified. This creates a consent and integrity risk: a user may think they are only chatting, while the agent writes persistent project documents that can affect downstream tooling or development behavior.
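The mitigation the overview recommends for the Missing User Warnings finding (preview, then write only on explicit approval) can be enforced in the agent's tool layer rather than left to the skill's prose. The following is an added example, not code from the project-guide skill or from SkillSpector. It assumes a hypothetical tool layer in which every write to main.md or requirements.md is routed through propose_write(); the names propose_write, render_diff, GUARDED_FILES, the project-root containment check and the constructed document contents in demo() are all assumptions made here.

```python
"""Preview-then-write gate for the project documents the audit names.

Added example for the 'Missing User Warnings' finding and the overview's
mitigation; it is not code from the project-guide skill or from SkillSpector.
It assumes a hypothetical agent tool layer in which every write to main.md or
requirements.md is routed through propose_write(), which shows the user a
unified diff and only touches disk after an explicit approval.
"""
import difflib
import tempfile
from pathlib import Path
from typing import Callable

# Files the audit identifies as written by the skill (assumed policy: only
# these basenames, only inside the project root, and only after approval).
GUARDED_FILES = frozenset({"main.md", "requirements.md"})


def render_diff(path: Path, new_text: str) -> str:
    """Unified diff between the on-disk content (empty if absent) and the proposal."""
    old_text = path.read_text(encoding="utf-8") if path.exists() else ""
    return "".join(difflib.unified_diff(
        old_text.splitlines(keepends=True),
        new_text.splitlines(keepends=True),
        fromfile=f"{path.name} (current)",
        tofile=f"{path.name} (proposed)",
    ))


def propose_write(project_root: Path, path: Path, new_text: str,
                  confirm: Callable[[str], bool]) -> bool:
    """Show the diff via confirm(); write only if it returns True.

    Returns True when the file was written, False when the proposal was a
    no-op or the user declined. Raises PermissionError for any target outside
    the allow-list or outside project_root, so an over-broad trigger cannot
    widen the write surface (for example via '../main.md').
    """
    if path.name not in GUARDED_FILES:
        raise PermissionError(f"refusing to write {path.name}: not a guarded project document")
    if path.resolve().parent != project_root.resolve():
        raise PermissionError(f"refusing to write outside the project root: {path}")
    diff = render_diff(path, new_text)
    if not diff:
        return False          # nothing would change; do not prompt
    if not confirm(diff):
        return False          # user declined; disk is untouched
    path.write_text(new_text, encoding="utf-8")
    return True


def demo() -> dict:
    """Exercise the gate in a scratch directory with constructed document content."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        target = root / "requirements.md"
        original = "# Requirements\n- users can log in\n"          # constructed
        proposal = original + "- every write to project docs is logged\n"
        target.write_text(original, encoding="utf-8")

        shown = []

        def decline(diff: str) -> bool:
            shown.append(diff)    # the user saw the diff ...
            return False          # ... and said no

        declined = propose_write(root, target, proposal, decline)
        after_decline = target.read_text(encoding="utf-8")
        approved = propose_write(root, target, proposal, lambda diff: True)
        after_approve = target.read_text(encoding="utf-8")

        def refused(p: Path) -> bool:
            try:
                propose_write(root, p, "x\n", lambda diff: True)
            except PermissionError:
                return True
            return False

        return {
            "diff_shown": shown[0],
            "declined": declined,
            "after_decline": after_decline,
            "approved": approved,
            "after_approve": after_approve,
            "original": original,
            "proposal": proposal,
            "unlisted_file_refused": refused(root / "notes.md"),
            "traversal_refused": refused(root / ".." / "main.md"),
        }


if __name__ == "__main__":
    print(demo()["diff_shown"])
```

The gate fails closed on three conditions the findings care about: a declined diff leaves the file untouched, a target that is not one of the documents the skill is supposed to own is refused, and a target whose resolved parent is not the project root is refused even when its basename is on the allow-list. The diff itself is what the user approves, so the consent is tied to the concrete change rather than to a generic "may modify files" notice.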

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.