Senior Backend

Security checks across malware telemetry and agentic risk

Overview

This backend skill appears purpose-aligned, but it includes high-impact database migration and load-testing commands without enough safety scoping.

Install only if you are comfortable with a backend operations skill that can guide agents toward database changes and API load tests. Run migration commands only on reviewed migration files, after backups, staging validation, and a rollback plan. Run load tests only against systems you own or are explicitly authorized to test, with conservative concurrency and rate limits.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The migration workflow includes commands that can apply database schema changes but does not warn about irreversible schema or data impact, downtime risk, or the need for backups and staging validation. In a backend engineering skill, such omissions can lead users or agents to run destructive operations directly against production systems.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill includes load-testing commands against live HTTPS endpoints without warning that they can degrade service, trigger rate limits, or resemble denial-of-service activity. Because the skill is specifically for backend operations, these examples are more dangerous since users may execute them against production APIs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal