Git Tool

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Git helper that can change repositories when asked, but its behavior matches its stated repository-management purpose.

Install this only if you want an agent to run Git commands in your workspace. Review or explicitly approve state-changing actions such as add, commit, stash-pop, push, and pull, especially in repositories with configured remotes or saved credentials.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 87% confidence
Finding: The skill documentation instructs the agent to run local Python commands that operate like shell-capable tooling, but no permissions are declared to gate or inform that execution capability. In an agent environment, undeclared execution privileges create a trust gap: the skill may be invoked without users or policy layers understanding that it can trigger repository-modifying actions such as init, commit, branch, or stash.

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The description says the skill should be used whenever a user needs to manage repositories or automate git workflows, which is broad enough to trigger in many ambiguous situations. Overly broad activation increases the chance the agent selects a shell-capable skill unnecessarily, exposing repository state or causing unintended modifications when a narrower, read-only or non-executing response would have been safer.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal