Feature Implementation

Security checks across malware telemetry and agentic risk

Overview

This is a TDD-focused coding workflow skill that can change project files, but its behavior is disclosed and aligned with its purpose.

Install this only if you want an agent to help implement planned feature stages in a codebase. Prefer explicit invocation with a feature name and stage or change request, and review proposed file changes before committing because the skill is designed to write code, update task documents, and produce completion reports.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill description includes broad trigger phrases such as '开始写代码' and '实现XX阶段', which can match common user requests and cause the skill to be invoked outside its intended scope. Because this skill performs implementation actions and directs use of tools and file updates, accidental activation could lead to unintended code changes or workflow execution.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal