Nm Leyline Git Platform

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown-only reference skill for mapping GitHub, GitLab, and Bitbucket commands, with no bundled code or hidden automation.

Install this if you want a Git forge command translation reference. Keep normal tool approvals enabled, verify the target repository and active CLI account, and explicitly approve any command that creates, comments on, closes, approves, merges, or updates remote repository content. Review the upstream Night Market plugin separately if you install its hooks or automation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger list contains very broad terms such as "git," "platform," and forge names, which can cause the skill to activate in contexts where the user did not intend to use this specific capability. That increases the chance of inappropriate instruction injection into unrelated workflows and can steer agent behavior toward forge operations unexpectedly.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal