GitCode PR Audit

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed GitCode PR audit tool that reads PR metadata with a user-provided token and can optionally save a local report.

Install if you need GitCode PR audit reports and trust the publisher. Use a read-only or least-privilege GITCODE_TOKEN where possible, review repo/date ranges before using --all, and choose --output paths carefully because reports may include internal PR titles, links, labels, and review details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 81% confidence
Finding: The skill allows writing results to a user-specified path via --output but does not warn about overwriting existing files or other filesystem side effects. In an agent context, this can lead to accidental clobbering of local files if a sensitive or unintended path is provided, especially on systems where the agent has broad filesystem access.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal