Back to skill

Security audit

Pr Description Generator

Security checks across malware telemetry and agentic risk

Overview

This is a local PR-description helper that reads git history and diffs, with optional save-to-file and clipboard features that are disclosed and user-invoked.

Install this only if you want an agent to inspect local git diffs and commit messages to draft PR text. Review generated output before posting it, avoid --copy on sensitive repositories unless you intentionally want repository-derived text on the system clipboard, and use --output only with a path you are comfortable creating or overwriting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises and instructs use of shell execution and file-writing behavior via `python3 scripts/generate_pr_description.py`, `--output`, and `--copy`, but no permissions are declared. That mismatch can cause the agent framework or user to invoke capabilities with broader side effects than expected, especially against arbitrary `--repo` paths and local clipboard/output destinations.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill can write generated output to an arbitrary file path via --output, which expands it from a summarization tool into a general file-writing primitive. In an agent setting, that capability can be abused to overwrite files such as config, docs, hooks, or workflow artifacts outside the narrow PR-description role.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
Clipboard manipulation is outside the core requirement of generating a PR description and exposes repository-derived content to another system channel. In an agent context, copying diffs, commit summaries, or secrets-derived text to the clipboard can unintentionally leak sensitive material to other applications or users on the same desktop session.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger set includes broad phrases such as `what changed` and `describe changes`, which are common in ordinary conversation and can cause unintended skill activation. In this skill, unintended invocation is more concerning because activation may lead to shelling out to git and potentially writing output files or clipboard contents, expanding the blast radius beyond a harmless text-only helper.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.