Redux Saga

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Redux-Saga guidance skill with a mildly broad trigger phrase but no evidence of code execution, credential use, persistence, or hidden behavior.

Reasonable to install if you want an agent to use Redux-Saga guidance. Be aware it may activate on generic "saga" wording, and review generated application code involving auth tokens, API calls, deletes, or long-running tasks for your project-specific safety requirements.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list includes broad terms such as "saga" and references to common redux-saga concepts, which can cause the skill to activate on incidental discussion rather than clear requests for redux-saga guidance. This increases the chance of irrelevant instruction injection into unrelated contexts, though the content of the skill itself appears documentation-oriented rather than overtly harmful.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal