GitHub + ACR 项目发布流程

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed release/deployment helper, but its broad trigger words can initiate high-impact GitHub, registry, and server deployment workflows with unclear project scoping.

Review this skill carefully before installing. It is suitable only if you want an agent to help run real release workflows, including git commits, pushes, tags, GitHub releases, ACR image delivery, and optional SSH-based server updates. Prefer using explicit project names and require a final confirmation before any git push, tag, release, registry, or server command.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 96% confidence
Finding: The skill advertises broad trigger words like “发布” and especially “push”, which are common in normal conversation and routine Git workflows. In an automation skill that can commit, tag, push, deploy, and update servers, ambiguous triggers materially increase the chance of accidental invocation and unintended release actions.

Vague Triggers

Medium

Confidence: 97% confidence
Finding: The trigger condition table maps vague inputs like “发布”, “发版”, and “push” directly to a full release flow without clear scope restrictions or exclusion rules. Because the documented workflow includes irreversible operations across GitHub, ACR, and remote servers, this ambiguity creates a real risk of unintended execution from benign user utterances.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal