GH Triage

Security checks across malware telemetry and agentic risk

Overview

This GitHub triage bot matches its stated purpose, but it can automatically change repositories and run repository code with a GitHub token, so it needs careful review before installation.

Install only for trusted repositories with a dedicated least-privilege GitHub token. Disable or sandbox auto-fix unless you intentionally want repository code to run on the host, add a dry-run or approval step before pushes and PRs, and clean temporary work directories because they may retain token-bearing git configuration.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill automatically stages, commits, pushes changes to the remote repository, and opens a PR after executing untrusted repository-defined commands like npm scripts, formatters, and tests. In this context, those commands can modify arbitrary files or inject backdoors, so performing a remote push without explicit user approval creates a dangerous supply-chain path from untrusted code execution to persistent repository changes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal