Git Toolkit

Security checks across malware telemetry and agentic risk

Overview

This is a local Git helper with disclosed repository-changing commands and no evidence of hidden access, network exfiltration, or credential use.

Install only if you want a local Git helper. Treat `ignore`, `undo`, and `fresh-branch` as repository-changing commands: run `git status` first, make sure you are in the intended repository, and use them only when you want to modify Git state.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill description is broad enough that an agent may invoke it whenever Git-related work is mentioned, even if the user did not explicitly request repository-modifying actions. Because this skill includes write-capable commands such as branch creation, .gitignore modification, and commit undo, vague trigger language increases the chance of unintended destructive or policy-violating use.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The listed commands include operations that alter repository state, but the skill metadata provides no warning that these actions can create branches, edit .gitignore, or undo commits. In an agentic environment, missing warnings and confirmation requirements can lead to accidental changes, loss of work, or disruption of the user's repository history.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal