git-conventions
Security checks across malware telemetry and agentic risk
Overview
This skill is a simple Git workflow guide with no executable code, but it will encourage signed commits and user-confirmed remote pushes.
Before installing, make sure you are comfortable with every commit using Git sign-off, which records your configured name and email in commit history. Also review the branch, remote, and intended changes before approving any push, especially a force push.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
60/60 vendors flagged this skill as clean.