GitHub Actions Failure Hour Audit
Security checks across malware telemetry and agentic risk
Overview
This skill is a local reporting tool for GitHub Actions failure JSON exports and shows no hidden, destructive, or unrelated behavior.
Install only if you are comfortable running a bash/python script over local GitHub Actions JSON exports. Set RUN_GLOB narrowly to the files you intend to audit, especially before sharing JSON output because it can include repository, workflow, branch, run URL, run ID, and local file path details.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.