Security audit

Before You Build Skill

Security checks across malware telemetry and agentic risk

Overview

This is a text-only product-risk review skill with disclosed, optional case lookup and no executable payload.

Install this when you want an agent to challenge a product or feature idea before building. Invoke it explicitly for product-risk review, not for code review, security review, or architecture decisions. If you approve the optional Case Memory lookup, share only a short non-confidential idea summary and do not send secrets, customer names, private financials, credentials, or unreleased details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list includes broad natural-language phrases such as 'Should I add this feature?' and 'The requirements changed. Sanity-check this before I implement it.' These can cause the skill to activate in ordinary product or engineering conversations where the user did not clearly request this specialized pre-build review, leading to misrouting, unnecessary instruction override, and accidental use of the skill's decision framework in the wrong context.

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.