Back to skill

Security audit

Agent Queue To Reviewed Pr

Security checks across malware telemetry and agentic risk

Overview

The skill is a well-scoped workflow for turning prioritized tickets into human-reviewed draft PRs, with its external writes and local retention behavior disclosed.

Before installing, provision only a fine-grained one-repo forge token, configure the queue endpoints deliberately, use a dedicated preview/test browser profile, and run retention on schedule because screenshots may contain authenticated session data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The document explicitly instructs an authenticated POST to an external endpoint that mutates ticket state (`status = 'needs-grounding'` / `stale-ack`) as part of normal operation. Even though the write is described as conditional and limited to final `STALE` cases, the skill lacks a prominent user-facing warning that executing this workflow changes external system state, which increases the risk of unintended status changes if an operator or downstream agent runs it without clear consent and review.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.