GitHub 通知自动分拣

Security checks across malware telemetry and agentic risk

Overview

The skill appears to forward GitHub notification content and persist related metadata, which is sensitive enough to require review before installation.

Review the destination address, what notification fields are forwarded, and where workspace metadata is stored before installing. Use it only for repositories and notifications you are comfortable exposing to that recipient and to local workspace readers; avoid private/security-sensitive notifications unless the forwarding and retention behavior is explicitly acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill forwards full GitHub notification contents to another address and stores notification metadata in workspace files without an explicit warning or data-handling disclosure. This can expose sensitive repository details, security alerts, internal URLs, usernames, or PR context to unintended recipients or to other local processes/users with access to the workspace.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal