CI发布工程师 CI与发布门禁

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only CI release-readiness skill with no executable code, persistence, credential handling, or hidden data access.

Install this if you want a project-specific CI and release-gate reviewer. Confirm that the referenced Weline documents and named escalation role fit your environment, and require explicit user approval before treating its recommendation as an actual merge, release, notification, or CI configuration change.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The 'When To Use' section includes broad keyword-based triggers such as CI, pipeline, and preflight, which can cause the skill to activate in contexts where it is only partially relevant. In an agentic system, over-broad activation can misroute tasks, apply the wrong policy set, or let this skill influence decisions outside its intended boundary, weakening security review and release gating quality.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal