Github Ops

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Git/GitHub upload guide whose remote-push behavior is expected for its stated purpose.

Before using this skill, confirm you are in the intended project folder, review `git status`, check `.gitignore`, verify the GitHub remote URL and repository visibility, and avoid pushing secrets, private data, or files you do not want stored in GitHub history.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill instructs the agent to push local repository contents to GitHub but does not explicitly warn that this transmits files, history, and potentially sensitive material to a third-party remote service. In an agent setting, that omission can lead to unintended exfiltration of secrets, proprietary code, or private data if the user has not clearly authorized remote upload.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal