Agent Routing Waste Audit

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed code-review helper skill; it has powerful default review execution settings, but they are tied to its review purpose and documented with opt-outs.

Install only if you want an automated code-review closeout helper. Before using it on private or sensitive diffs, note that fallback reviewers may receive generated diff prompts, and consider `--fallback-reviewer none`, `--no-yolo`, `AUTOREVIEW_YOLO=0`, or `AUTOREVIEW_AUTO_TESTS=0` when you want tighter control over tool access and automatic test execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 92%
Finding
The activation criteria are broad enough to trigger on ordinary user questions about model choice, retries, or routing waste without an explicit invocation. That can cause unintended skill activation, leading the agent to follow this skill’s workflow in contexts where the user only wanted general discussion, which may create confusion, scope drift, or misrouting between sibling skills.

VirusTotal

64/64 vendors flagged this skill as clean.
