Token Budget Guard

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for reducing token and context usage, with disclosed context summarization behavior and no executable payload.

Install this if you want your agent to manage context more aggressively. For important, legal, financial, medical, or long-running tasks, ask the agent to show or confirm compressed summaries before relying on them, because useful nuance can be lost even when the skill is behaving as intended.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The suggested activation phrases are very broad and map to common, natural user requests such as asking to reduce context usage or summarize earlier conversation. In an agent-skill environment, this can cause the skill to activate unintentionally during ordinary dialogue, altering agent behavior without explicit user intent and potentially suppressing useful context at the wrong time.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The listed trigger phrases are broad and map to common, non-specialized user language such as discussing context limits, token reduction, or workflow optimization. In agents that auto-activate skills from simple phrase matching, this can cause unintended invocation, altering behavior and prompting unnecessary compression or context-pruning at the wrong time.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal