Back to skill

Security audit

OpenGemini SaaS Builder

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed SaaS project-building skill with expected Gemini, GitHub, and Vercel helpers, but users should be careful before sharing sensitive prompts or publishing code.

Install this only if you want an agent to help orchestrate full SaaS or web-app builds. Before running Gemini helpers, remove secrets and confidential customer or business data from prompts. Before GitHub or Vercel steps, confirm the current directory, account, repository name, visibility, environment variables, and that no sensitive or unfinished files will be pushed or deployed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description is extremely broad and matches many ordinary software-building requests, increasing the chance the agent will invoke this high-capability orchestration skill in situations where a narrower, safer skill would be more appropriate. Because the skill can guide repo creation, GitHub operations, and optional deployment, over-triggering expands the operational surface and can lead to unintended external actions if later prompts are ambiguous.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script creates a GitHub repository and immediately pushes the current working tree to a remote without any interactive confirmation, dry-run, or explicit warning to the user. In the context of a SaaS-building skill, this increases the risk of unintentionally publishing sensitive source code, secrets, internal files, or incomplete work if the script is invoked from the wrong directory or with an incorrect repository name/visibility setting.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This script sends user-supplied project and brief content directly to the external `gemini` CLI, which likely forwards that data to an AI service, without any notice, consent, or filtering. In a SaaS-building skill, those inputs can easily contain proprietary product ideas, credentials, internal architecture details, or customer data, so silent outbound transmission creates a real data exposure risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script sends the user-supplied project name and brief directly to the `gemini` CLI, which is a networked LLM call, without any warning, consent step, or data-sensitivity check. In this skill's context, briefs may contain product ideas, internal constraints, credentials-by-mistake, or customer/business data, so silent transmission to an external model provider creates a real confidentiality and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.