Nm Sanctum Update Readme

Security checks across malware telemetry and agentic risk

Overview

This is a technical documentation skill whose repo reading, docs edits, and optional sub-agent review behavior are disclosed and aligned with its purpose.

Install if you want an agent to help audit or maintain repository documentation and agent/contributor guidance. For sensitive repositories, ask for report-only mode first, and review any proposed changes to AGENTS, CONTRIBUTING, .agents, or .cursor because those files can influence future tooling behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger list includes broad, common terms like "readme," "documentation," "research," and "structure," which are likely to match many unrelated user requests and cause this skill to activate outside its intended scope. In this skill's context, unintended invocation could prompt unnecessary repository inspection, web research, and file modification guidance, increasing the chance of accidental edits or over-collection of context.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal