C++/CPP Code Style

Security checks across malware telemetry and agentic risk

Overview

This is a simple C++ style-guide skill with disclosed formatting guidance and no hidden access, scripts, networking, or persistence.

Install this if you want C++ work to follow this style guide. Review diffs after use, especially `.clang-format` changes and files formatted with `clang-format -i`, and let explicit project or user language conventions override the English-comment rule when needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill description says C++/CPP code should use this style and to read these rules before coding, which is broad enough to trigger in many unrelated contexts. Overly broad activation can cause the agent to apply the skill when not explicitly requested, potentially overriding higher-priority user preferences or project-specific conventions and leading to unintended behavior.

Natural-Language Policy Violations

Medium

Confidence: 79% confidence
Finding: Mandating English comments without user choice or a documented policy can cause the agent to ignore user or project language requirements. In this context it is not a direct code-execution risk, but it can lead to policy misalignment, reduced usability for intended collaborators, and unnecessary modification of existing documentation conventions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal