Finishing Branch

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is a coherent Git branch cleanup workflow, with expected repository-changing actions that are disclosed and user-directed.

Install only if you are comfortable with a Chinese-language Git workflow. Before using merge, push, PR, or discard options, confirm the repository, branch names, remote, test results, and deletion confirmation text.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 94% confidence
Finding: The skill content is written entirely in Chinese and prescribes exact Chinese output without offering a user-language choice or documenting a legitimate locale requirement. In a multi-user agent environment, this can cause misunderstanding of destructive git actions, confirmations, and workflow decisions, increasing the chance of operator error rather than enabling direct code execution.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal