Issue Prioritizer

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate GitHub issue triage skill, but it grants broader authenticated GitHub command access than a read-only analyzer needs.

Install only if you are comfortable with the skill running under your authenticated GitHub CLI session. Prefer a fine-grained or read-only GitHub token, avoid using it on sensitive private issue trackers, and ask the publisher to narrow allowed tools to read-only commands such as `gh issue list/view` and `gh pr list/view`.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 85% confidence
Finding: The skill is described as a read-only GitHub issue prioritizer, but the optional deep-analysis section instructs the agent to send issue content to an external LLM/API. That expands the trust boundary and can expose potentially sensitive repository data, private issue details, or prompt-injection content to a third party without being necessary for the core GitHub CLI-based functionality.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger prompts are fairly broad and map to common issue-triage language such as prioritizing bugs, ranking issues, and finding quick wins. Without tighter activation constraints, the skill may trigger on generic GitHub or project-management requests, causing misrouting, unintended data access within its read scope, or bypass of more appropriate skills.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal