gstack Retro

Security checks across malware telemetry and agentic risk

Overview

This is a local git retrospective skill whose contributor analysis and saved history are disclosed and aligned with its stated purpose, though users should treat the stored people-focused metrics as sensitive.

Install only if you are comfortable with a local tool reading git history, naming contributors, generating people-focused feedback, and saving retro snapshots in memory/. Do not use the generated growth or performance-style sections as formal evaluation without team consent, and periodically review or delete saved retro JSON files if they contain sensitive team information.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

High

Confidence: 96% confidence
Finding: The skill explicitly persists detailed retrospective history to `memory/`, including metrics, authors, streaks, and a summary, without any user consent, retention limit, or privacy notice. Because the skill analyzes named contributors and behavioral patterns over time, this creates a durable store of potentially sensitive workplace profiling data that could be exposed to later runs, other skills, or unauthorized readers of the workspace.

VirusTotal

No VirusTotal findings

View on VirusTotal