project-deep-analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill that guides project analysis and debugging, with no executable code or hidden data handling.

Safe to install as an analysis aid. Use it with repositories, logs, stack traces, and design details you are comfortable having your agent inspect, and give clear scope limits when working with sensitive or production code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding
The invocation guidance is broad enough to trigger on generic requests for understanding a project or troubleshooting issues, which can cause the skill to activate in many contexts beyond a narrowly scoped deep-analysis task. Overbroad triggering increases the chance that a powerful analysis skill is invoked on sensitive repositories or problem reports unnecessarily, expanding data exposure and enabling prompt-surface abuse through untrusted project content.

Vague Triggers

Medium
Confidence: 90%
Finding
The skill description is broadly phrased around deep project analysis, architecture review, and debugging, which can cause it to activate for many generic software-engineering requests rather than a narrowly scoped task. Overbroad activation increases the chance the agent invokes this skill in unintended contexts, potentially exposing repository contents, steering responses unnecessarily, or interfering with more appropriate specialized skills.

VirusTotal

66/66 vendors flagged this skill as clean.
