Autonomous GitHub Team

Security checks across malware telemetry and agentic risk

Overview

This is a high-risk GitHub automation skill, but its powerful repository access and script execution are clearly disclosed and aligned with its stated purpose.

Install only if you are comfortable auditing and running external bash scripts that can modify a GitHub repository. Use a fine-grained PAT limited to a single test or forked repo, keep config.env private, review the pinned external scripts before running, and require branch protection plus human review before anything reaches main or production.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger phrases are very broad and map to common software-development requests such as code review, CI/CD automation, and bug fixing. Because this skill can clone remote code, run shell scripts, and act with GitHub write privileges, accidental invocation could cause unintended execution and repository modification.

VirusTotal

66/66 vendors flagged this skill as clean.
