Quality Convergence Engine

Security checks across malware telemetry and agentic risk

Overview

This prompt-only review skill may shape code and architecture review responses, but it does not execute code, access data, or request credentials.

Install this if you want review-style responses focused on risks and measurable acceptance criteria. Be aware that because it is always-on and broadly triggered, it may influence ordinary review requests even when you did not explicitly ask for quality acceptance.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger conditions are broad enough to activate on common review-oriented requests such as 'code/architecture review' or 'error-proofing,' which can cause the skill to engage outside a narrowly intended scope. In an agent setting, overly permissive activation can override user expectations, inject rigid evaluation behavior into unrelated tasks, and increase the chance of prompt-routing misuse or unintended instruction interference.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal