Nm Spec Kit Spec Writing

Security checks across malware telemetry and agentic risk

Overview

This appears to be a low-risk requirements/specification writing skill with only minor activation-scope ambiguity.

Install if you want help drafting requirements or specifications. Be aware that broad trigger words may steer the agent into a formal spec workflow when you meant a casual discussion, so invoke it explicitly for product specs, user stories, or acceptance criteria.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger phrase "requirements" is broad enough to appear in many ordinary product, planning, and documentation conversations, so this skill may activate when the user did not intend to invoke specification-writing behavior. Unintended invocation can steer the agent into producing the wrong workflow or exposing downstream capabilities/modules in contexts where they were not requested.

Vague Triggers

Low

Confidence: 78% confidence
Finding: The trigger phrase "specification" is somewhat ambiguous because it can refer to many technical or business artifacts outside this skill's intended scope. That ambiguity increases the chance of accidental activation, though the term is narrower than "requirements" and therefore presents a lower-risk version of the same problem.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal