Task Review Workflow
Security checks across malware telemetry and agentic risk
Overview
This is an instruction-only PR review workflow whose risky actions are disclosed and aligned with reviewing and merging pull requests.
Install this only if you want an agent to participate in PR review and post-merge cleanup. Limit its GitHub and Trello permissions to the intended repositories/projects, use protected branches, require human approval for merges if needed, and run PR validation in an isolated workspace without sensitive environment variables.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.
