Back to skill

Security audit

Git Security Scanner

Security checks across malware telemetry and agentic risk

Overview

This is a coherent repository security-scanning skill with expected cautions around external tools, secret-containing reports, and an optional pre-commit hook.

Install this only if you want an agent to help run repository security scans. Treat any scan output or saved reports as sensitive because they may contain real secrets, install external dependencies from trusted sources, and enable the pre-commit hook only in repositories where blocking commits on high-severity findings is desired.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill includes broad natural-language trigger phrases such as "Scan this repo for leaked secrets and security vulnerabilities" that closely match ordinary user requests for repository review. In agent environments that auto-route or suggest skills based on prompt similarity, this can cause the skill to activate unexpectedly on general audit requests, increasing the chance of unintended execution against sensitive repositories or workflows.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.