Nm Leyline Error Patterns

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only error-handling skill, but it gives broad debugging guidance that can trigger often and includes under-scoped examples for raw context logging, agent spawning, and committing work.

Install only if you are comfortable with this skill being available during general debugging. Before adopting its examples, narrow when it is invoked, require explicit user confirmation before spawning agents or committing changes, and replace the raw context logging pattern with redaction, allowlisted fields, and alert-size limits.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger list contains broad terms like 'errors', 'recovery', and 'debugging' that are likely to match many ordinary conversations, causing the skill to activate outside its intended scope. Over-broad invocation increases prompt-surface area and can inject irrelevant or risky guidance into unrelated tasks, especially in agentic environments where skills are auto-selected.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The logging helper serializes and records the entire provided context object without any redaction, filtering, or size controls. In an error-handling skill, context commonly includes prompts, tokens, file paths, request payloads, credentials, or other sensitive operational data, so failures can unintentionally exfiltrate secrets into logs and alerts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal