Plan

Security checks across malware telemetry and agentic risk

Overview

The skill itself is a coherent planning workflow, but it can automatically search past chats, other projects, and external sources before the user has clearly approved that scope.

Install only if you are comfortable with the agent using more than the current repository for planning. For private or sensitive projects, restrict the skill to local workspace reads, disable session/project search and external web/docs tools, and review generated plan files (for over-collected context or instructions you did not ask for) before handing them to /build.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger language is broad enough to activate on many ordinary requests, such as "write a spec" or loosely described feature/refactor discussions, so the agent may invoke a high-capability skill unexpectedly. In this skill's context, that means granting Bash, Write, Edit, web/context MCP access, and plan-file creation when the user may have intended a narrower or read-only action, which increases the chance of unintended file modifications or over-collection of context.
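The overview's advice (restrict the skill to local workspace reads, drop session/project search and web/docs tools) and this finding (broad trigger wording paired with high-capability tools) can be checked mechanically before installing a skill. The script below is an added example written for this page; it is not SkillSpector's scanner or the Plan skill's own code. It assumes a SKILL.md-style manifest with a `---` delimited frontmatter carrying `name`, `description` and a comma-separated `allowed-tools` field, and the sample manifest, the broad-term word list and the tool names (`mcp__docs__search`, `mcp__sessions__search`, `WebFetch`) are all constructed for illustration. It scores a manifest the way the finding reasons (breadth is a problem when combined with write/execute/external tools) and rewrites the tool list down to read-only workspace tools.

```python
import re
from dataclasses import dataclass, field

# Constructed sample manifest. The frontmatter layout (name / description /
# allowed-tools) and the tool names are assumptions for this example, not a
# format or inventory taken from the report above.
SAMPLE_SKILL = """---
name: plan
description: Use when the user wants to write a spec, plan a feature,
  discuss a refactor, or think through any change before building it.
allowed-tools: Bash, Write, Edit, Read, Grep, WebFetch, mcp__docs__search, mcp__sessions__search
---
# Plan
Produce a plan file and hand it to /build.
"""

# Words that match many ordinary requests. Heuristic list chosen for this
# example; tune it against your own corpus of skills.
BROAD_TRIGGER_TERMS = {
    "spec", "plan", "feature", "refactor", "change", "any", "think",
    "discuss", "write", "help",
}

# Tools that only read the current workspace. Everything else is treated as
# expanding the skill's reach: writing files, running commands, or leaving
# the repository.
READ_ONLY_TOOLS = {"Read", "Grep", "Glob", "LS"}


@dataclass
class Assessment:
    name: str
    broad_terms: list[str] = field(default_factory=list)
    high_capability_tools: list[str] = field(default_factory=list)
    external_tools: list[str] = field(default_factory=list)

    @property
    def vague_trigger(self) -> bool:
        # Mirrors the finding: breadth alone is noise; breadth plus tools that
        # modify files, execute, or reach outside the workspace is the risk.
        return len(self.broad_terms) >= 3 and bool(self.high_capability_tools)

    @property
    def install_ok_for_sensitive_project(self) -> bool:
        return not self.high_capability_tools and not self.external_tools


def parse_frontmatter(text: str) -> dict[str, str]:
    """Parse the '---' delimited key: value header; indented lines continue the previous value."""
    m = re.match(r"^---\n(.*?)\n---\n", text, re.S)
    if not m:
        raise ValueError("no frontmatter block")
    fields: dict[str, str] = {}
    key = None
    for line in m.group(1).splitlines():
        if line.startswith((" ", "\t")) and key:
            fields[key] += " " + line.strip()
            continue
        key, _, value = line.partition(":")
        key = key.strip()
        fields[key] = value.strip()
    return fields


def assess_skill(text: str) -> Assessment:
    fm = parse_frontmatter(text)
    words = set(re.findall(r"[a-z]+", fm.get("description", "").lower()))
    tools = [t.strip() for t in fm.get("allowed-tools", "").split(",") if t.strip()]
    a = Assessment(name=fm.get("name", "?"))
    a.broad_terms = sorted(words & BROAD_TRIGGER_TERMS)
    for t in tools:
        if t in READ_ONLY_TOOLS:
            continue
        a.high_capability_tools.append(t)
        # MCP servers and web fetchers leave the local workspace (session /
        # project search and docs lookups are what the overview says to disable).
        if t.startswith("mcp__") or t.startswith("Web"):
            a.external_tools.append(t)
    return a


def restrict_to_local_reads(text: str) -> str:
    """Rewrite allowed-tools down to read-only workspace tools, as the overview recommends."""
    fm = parse_frontmatter(text)
    tools = [t.strip() for t in fm.get("allowed-tools", "").split(",")]
    kept = ", ".join(t for t in tools if t in READ_ONLY_TOOLS) or "Read"
    return re.sub(r"^allowed-tools:.*$", f"allowed-tools: {kept}", text, count=1, flags=re.M)


if __name__ == "__main__":
    before = assess_skill(SAMPLE_SKILL)
    after = assess_skill(restrict_to_local_reads(SAMPLE_SKILL))
    print("before: vague_trigger =", before.vague_trigger, before.high_capability_tools)
    print("after:  vague_trigger =", after.vague_trigger, after.high_capability_tools)
```

Run it against a skill directory before installing: a manifest whose `vague_trigger` is true is one the agent will reach for on routine requests, and the rewritten manifest is the read-only variant the overview suggests for private projects. The word list and the three-term threshold are deliberately simple; the point is the pairing of trigger breadth with granted capability, not the exact score.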

VirusTotal

66/66 vendors reported this skill as clean (no detections).
