Agentlens Blog Feed

Security checks across malware telemetry and agentic risk

Overview

This skill coherently fetches public AgentLens blog posts and stores only a local deduplication record after user-directed consumption.

Before installing, understand that the skill will contact the public AgentLens API and maintain a local file, defaulting to ~/agentlens-processed-blogs.json, to remember which blog IDs were already handled. Choose a memory path you are comfortable with and review any separate caller skill that consumes, saves, translates, or publishes the returned blog content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger language says to use this skill when 'the user or another skill/prompt needs the latest AgentLens blogs,' which is descriptive but not a specific invocation boundary. It lacks explicit trigger phrases, constraints, or negative examples, so other prompts about blogs or updates could invoke it unintentionally.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal