Code Review

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate code-review skill, but it needs review because it can inspect local git changes without a clear consent or scoping step.

Install only if you are comfortable with the agent reviewing code and local git diffs. Prefer invoking it explicitly with a pasted snippet, a specific diff, or clearly named files, and confirm what repository changes will be read before using it in private or secret-bearing workspaces.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger example "帮我 review 这段代码:[代码片段]" ("help me review this code: [code snippet]") is too broad. It overlaps easily with ordinary code questions and everyday development conversation, so the agent may trigger the Skill even when the user has not explicitly requested it. For a Skill that processes user-supplied code and emits structured review results, false triggering causes context confusion, misrouting, and behaviour that does not match user expectations.

Vague Triggers

Medium
Confidence: 87%
Finding
"审查这个 PR:[diff 内容]" ("review this PR: [diff contents]") expresses the intended use but still lacks a clear invocation boundary, and may be confused with general PR discussion, summarisation, or translation requests. If the agent routes every request that mentions a PR to this Skill, the result can be unnecessary code analysis, the wrong output format, or even overriding a more appropriate tool choice.

Vague Triggers

Medium
Confidence: 94%
Finding
"快速检查这段代码:[代码]" ("quickly check this code: [code]") is a very generic phrasing that covers ordinary Q&A, debugging help, code explanation, and many other everyday requests, so the probability of false triggering is high. Over-broad triggers of this kind let the Skill pre-empt requests that should be handled by more general or more specialised tools, reducing system predictability and increasing exposure to prompt-injection surface.

Natural-Language Policy Violations

Medium
Confidence: 83%
Finding
The README states "中文优先——审查报告和说明使用中文" ("Chinese first: review reports and explanations are written in Chinese") but does not say whether the user's language preference is respected or whether a selection mechanism is offered, so there is a risk that the output language does not match user expectations. This is usually not a direct security vulnerability, but it creates usability, compliance, and operational-error risk, especially in multilingual teams or in review scenarios that rely on English security terminology.

Vague Triggers

Medium
Confidence: 80%
Finding
The trigger conditions include broad natural-language phrases such as '帮我看看代码' ("help me look at this code") and '这段代码有问题吗' ("is there anything wrong with this code"), which can overlap with ordinary conversation and cause the skill to activate unexpectedly. In a skill that may read code, diffs, and repository context, accidental invocation increases the chance of unintended access to sensitive source code or workspace data.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs the agent to proactively run `git diff` to collect local changes without first informing the user that workspace contents will be read. This can expose unpublished code, secrets, or sensitive business logic from the local repository, especially when the skill is triggered implicitly or in shared environments.

VirusTotal

VirusTotal findings are pending for this skill version.