Giga Coding Agent

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate coding-agent workflow guide, but it encourages high-privilege unattended agent execution and unredacted sharing of sensitive review and session material without enough containment guidance.

Install only if you intentionally want high-power unattended coding-agent workflows. Prefer sandboxed modes, run in an isolated checkout or container, do not pass API keys on the command line, review generated comments before posting to GitHub, and redact prompts/session logs/secrets before sharing them externally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The skill explicitly recommends `codex --yolo` and `--full-auto`, including noting that `--yolo` bypasses approvals and sandboxing, but it does not give a direct safety warning about arbitrary code execution, filesystem modification, or network/system side effects. In a skill whose purpose is to launch coding agents in background mode, this materially increases the chance that users will run destructive or unreviewed actions non-interactively.

Missing User Warnings

Severity: Low
Confidence: 90%
Finding
The guidance tells users to post generated review output directly to GitHub via `gh pr comment` without warning that this sends model-generated content, potentially including proprietary code snippets, secrets, or internal analysis, to an external service. Because PR review text is often derived from repository contents, this creates a realistic data disclosure risk.

Missing User Warnings

Severity: Low
Confidence: 88%
Finding
The Pi agent section documents `--api-key <key>` and shows provider/model usage without warning against passing secrets on the command line. Command-line secrets can leak via shell history, process listings, logs, and session capture tools, especially in the background/tmux-oriented workflows promoted by this skill.
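One way to close the leak path this finding describes, as an added example that is not code from the skill or from the Pi agent: a launcher that refuses any argv carrying a secret-bearing flag, reads the key from an owner-only file, and passes it to the agent through its environment. It assumes the agent can take its key from an environment variable (the name `AGENT_API_KEY` and the default key-file path are hypothetical; the page does not say what Pi supports).

```python
"""Added example (not from the skill): keep agent API keys out of argv.

Anything passed as `--api-key <key>` is visible to other local users via `ps`,
written to shell history, and captured by tmux/script/session loggers. The
launcher below refuses such argv, reads the key from a mode-0600 file, and
hands it to the child only through its environment.

Assumptions (not from the page): the agent reads its key from the environment
variable AGENT_API_KEY; the key file lives at ~/.config/agent/api_key.
"""
from __future__ import annotations

import os
import stat
import subprocess
from pathlib import Path

# Flags that would carry a secret in argv. Starter set; extend for your tools.
SECRET_FLAGS = ("--api-key", "--token", "--password", "--secret")
DEFAULT_KEY_FILE = Path.home() / ".config" / "agent" / "api_key"  # hypothetical path


def argv_secret_flags(argv: list[str]) -> list[str]:
    """Return the argv entries that would expose a secret (empty list means clean)."""
    bad = []
    for arg in argv:
        if arg in SECRET_FLAGS or any(arg.startswith(flag + "=") for flag in SECRET_FLAGS):
            bad.append(arg)
    return bad


def load_secret(path: Path) -> str:
    """Read a single-line secret from a file that only its owner can read."""
    mode = path.stat().st_mode
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(
            f"{path} is readable by group/others (mode {stat.filemode(mode)}); chmod 600 it"
        )
    text = path.read_text()
    secret = text.splitlines()[0].strip() if text.strip() else ""
    if not secret:
        raise ValueError(f"{path} is empty")
    return secret


def launch_agent(argv: list[str], key_file: Path = DEFAULT_KEY_FILE,
                 env_var: str = "AGENT_API_KEY") -> int:
    """Run the agent with the key in its environment only. Returns the exit status."""
    offenders = argv_secret_flags(argv)
    if offenders:
        raise ValueError(f"refusing to run: {offenders} would put a secret in argv")
    env = dict(os.environ)
    env[env_var] = load_secret(key_file)
    # The child inherits env; the key never appears in `ps` output, shell history or
    # session captures. Caveat: root and same-uid processes can still read the
    # child's environment, so this narrows the leak surface rather than removing it.
    return subprocess.run(argv, env=env).returncode


if __name__ == "__main__":
    import tempfile
    demo = Path(tempfile.mkdtemp()) / "api_key"
    demo.write_text("sk-constructed-not-a-real-key\n")  # constructed sample key
    demo.chmod(0o600)
    # The child sees the key in its environment; argv shows only the shell snippet.
    print(launch_agent(["sh", "-c", 'echo "key length: ${#AGENT_API_KEY}"'], demo))
```

The same check belongs in any tmux or background wrapper the skill sets up: the wrapper's own argv is what `ps`, `history` and session recorders see, so the guard has to sit at the point where the command line is assembled, not inside the agent.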

Ssd 3

Severity: Medium
Confidence: 95%
Finding
The PR template instructs inclusion of exact original prompts, timestamped prompt history, and session logs when submitting to external repositories. Those artifacts can easily contain sensitive user requests, internal paths, tokens, stack traces, proprietary context, or other data never intended for public disclosure.
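The `gh pr comment` finding above and this one describe the same disclosure path: model-generated review text, prompts and session logs leave the machine with whatever the agent saw in the repository and its environment. The following is an added example of a pre-share tripwire, not code from the skill: it scans text for common credential shapes and internal-path markers, redacts them, and reports where they were. The pattern set is a starter list chosen here, and the session log is constructed.

```python
"""Added example (not from the skill): scan and redact review text, prompts and
session logs before they leave the machine (PR comment bodies, PR descriptions,
shared logs).

The pattern set is a starter list of common credential shapes and internal-path
markers. Treat a finding as a reason to read the surrounding lines, not as
proof that the rest of the text is clean.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# (kind, pattern, replacement template). The PEM block can span lines, so it
# runs last to keep the line numbers reported for earlier kinds stable.
PATTERNS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "[REDACTED:aws_access_key_id]"),
    ("github_token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"), "[REDACTED:github_token]"),
    ("bearer_token", re.compile(r"(?i)\bbearer\s+[A-Za-z0-9\-._~+/]{20,}=*"), "[REDACTED:bearer_token]"),
    # NAME=value where the name looks secret-bearing; keep the name, drop the value.
    ("env_assignment",
     re.compile(r"(?i)\b((?:export\s+)?[A-Z0-9_]*(?:SECRET|TOKEN|PASSWORD|API_KEY|APIKEY)[A-Z0-9_]*)"
                r"\s*=\s*(?!\[REDACTED\])([^\s`'\"]+)"),
     r"\1=[REDACTED]"),
    # Home directories reveal usernames and internal layout.
    ("home_path", re.compile(r"(/home|/Users)/(?!\[REDACTED\])[^/\s]+"), r"\1/[REDACTED]"),
    ("private_key_block",
     re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S),
     "[REDACTED:private_key_block]"),
]


@dataclass(frozen=True)
class Finding:
    kind: str
    line: int  # 1-based line in the input where the match started


def redact(text: str) -> tuple[str, list[Finding]]:
    """Return (redacted text, findings sorted by line)."""
    findings: list[Finding] = []
    for kind, pattern, template in PATTERNS:
        def _sub(m: re.Match, kind=kind, template=template) -> str:
            findings.append(Finding(kind, m.string.count("\n", 0, m.start()) + 1))
            return m.expand(template)
        text = pattern.sub(_sub, text)
    findings.sort(key=lambda f: f.line)
    return text, findings


def safe_to_share(text: str) -> bool:
    """True when no pattern fires; redact() output is idempotent, so it passes."""
    return not redact(text)[1]


# Constructed sample session log; every credential below is fake.
SAMPLE_SESSION_LOG = """\
[10:00:00] prompt: fix the flaky invoice test in /home/alice/work/acme-billing/tests/test_invoice.py
[10:00:03] tool: run `export OPENAI_API_KEY=sk-constructed-not-a-real-key-0001`
[10:00:09] tool: curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.constructed.payload.xyz" https://internal.example/api
[10:00:12] stderr: AWS_ACCESS_KEY_ID AKIAIOSFODNN7EXAMPLE was rejected
[10:00:15] tool: gh auth login --with-token <<< ghp_0123456789abcdef0123456789abcdef0123
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAA-constructed-not-a-real-key
-----END OPENSSH PRIVATE KEY-----
"""


if __name__ == "__main__":
    clean, found = redact(SAMPLE_SESSION_LOG)
    for f in found:
        print(f"line {f.line}: {f.kind}")
    print(clean)
```

Write the redacted text to a file and post that file (for example with `gh pr comment <number> --body-file <file>`) rather than piping agent output straight into the comment body; the findings list is the part to read before posting, since a hit usually means the surrounding lines carry more context than the pattern matched.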

VirusTotal

0/59 vendors flagged this skill; all 59 reported it clean.
