gstack Handoff

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: creates a local handoff summary, with a minor caution that its trigger wording is broad.

Install this if you want a reusable handoff-summary helper. Use it intentionally, review the generated temporary file before sharing it, and avoid invoking it in conversations that contain secrets or private details unless you are comfortable with a redacted local summary being written.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The skill description explicitly suggests activation on broad everyday phrases like "handoff," "wrap up," and "save context," which can cause the skill to trigger in situations where the user did not intend to invoke it. In this skill, unintended activation could cause conversation content to be summarized and written to a temporary file, creating unnecessary data exposure risk and workflow confusion.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal