CTO & Engineering Excellence Playbook

Security checks across malware telemetry and agentic risk

Overview

This is a broad CTO-style guidance skill with overbroad activation wording, but it is instruction-only and does not hide code, credentials access, persistence, or destructive behavior.

Install this only if you want a broad CTO/governance playbook to shape coding and architecture work. Expect it to push strict standards and security scanning even for routine tasks, and verify or pin any external scanner command before running it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

High

Confidence: 98% confidence
Finding: The skill description is intentionally overbroad, explicitly saying to trigger for "ANY coding task" and "If in doubt, use this skill." In an agent environment, such catch-all activation increases the chance this skill is invoked for unrelated requests, expanding prompt-surface area and creating a form of over-privileged behavioral influence across many workflows.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal