Git Release Notes

Security checks across malware telemetry and agentic risk

Overview

This release-notes skill is mostly coherent, but its helper script can run unintended local code if used on a repository with maliciously named refs.

Install only if you are comfortable with the skill inspecting local git history. Do not run its helper against untrusted repositories, branches, or tags until the ref interpolation bug is fixed, and review generated notes for private commit details or author emails before publishing.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 95% confidence
Finding: The skill’s declared behavior is to produce polished, categorized release notes, but the analysis indicates it may instead emit raw git history JSON and expose author email addresses. That mismatch is security-relevant because users may invoke the skill expecting summarized documentation while the skill discloses more repository metadata and personal information than necessary, increasing the risk of unintended data exposure.

VirusTotal

50/50 vendors flagged this skill as clean.

View on VirusTotal