GitHub Issue Writer

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed GitHub issue drafting tool with optional user-directed submission, not hidden data transfer.

Install this if you want help drafting GitHub issues and may want the agent to create them. Review the full issue title, body, labels, and target repository before approving submission, and use a least-privileged GitHub token.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

External Transmission

Medium

Category: Data Exfiltration
Content: > **Prerequisites for submission:** > - `gh` CLI (authenticated via `gh auth login`) — preferred path > - `GH_TOKEN` env var — required for the curl API fallback > - `git` — used to detect the repo from `git remote get-url origin` > > Drafting (Steps 1–5) works without any of these.
Confidence: 95% confidence
Finding: curl API fallback > - `git` — used to detect the repo from `git remote get-url origin` > > Drafting (Steps 1–5) works without any of these. If the user says "submit", "create it", "go ahead", or simi

External Transmission

Medium

Category: Data Exfiltration
Content: curl -s -X POST \ -H "Authorization: Bearer $GH_TOKEN" \ -H "Accept: application/vnd.github+json" \ https://api.github.com/repos/{owner}/{repo}/issues \ -d '{ "title": "<title>", "body": "<body>",
Confidence: 97% confidence
Finding: https://api.github.com/

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal