Game Development

Security checks across malware telemetry and agentic risk

Overview

This game-development skill is coherent and instruction-only, with the main consideration that it may create and reuse local project notes in your home directory.

Install if you are comfortable with the assistant maintaining local game-project notes under ~/game-development/. Review those files periodically, do not put credentials or private account data in them, and confirm before allowing the setup commands to create or modify files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 93% confidence
Finding: The setup flow instructs the agent to create a workspace directory and multiple local files, and to change permissions, without explicitly requiring user consent or warning that filesystem state will be modified. While the actions are limited to the user's home directory and appear operational rather than malicious, silent file creation can violate user expectations and becomes riskier in agentic environments that may execute setup steps automatically.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal