Project Summary

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only project summarizer that reads local repository files with read-only commands and does not install software, persist data, or request credentials.

Install only if you want an agent to inspect the current repository and summarize its structure. Run it from the project you intend to analyze, and review the generated summary for private filenames, dependencies, CI details, or internal notes before sharing it outside your workspace.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrases are generic and closely match common user requests such as 'project summary' or 'what is this project', which increases the chance this skill is invoked unintentionally in unrelated contexts. Unintended activation can cause the agent to read large portions of a repository and expose internal project structure or metadata when the user did not explicitly request this specific skill behavior.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal