Security audit

Agentic Engineering

Security checks across malware telemetry and agentic risk

Overview

This is a text-only workflow guide for using coding agents, with some practical safety caveats around screenshots, environment files, and git recovery commands.

Reasonable to install as a workflow guide. Before following it, sanitize screenshots, keep secrets out of prompts and terminal captures, avoid sharing .env values, and double-check git state before running destructive recovery commands like git reset --hard.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding: The skill strongly encourages sharing screenshots with the agent but provides no warning to avoid capturing secrets, customer data, tokens, internal dashboards, or other sensitive information visible on screen. In an agentic engineering context, screenshots may easily include credentials, PII, production data, or proprietary code, so this omission materially increases the risk of inadvertent data disclosure to the model or connected tooling.

Missing User Warnings

Medium
Confidence: 97%
Finding: Telling users to use psql and 'see .env for connection' normalizes accessing credential-bearing files without any caution about exposing secrets to the agent, logs, screenshots, or prompts. In this coding-agent setting, users may paste or grant access to .env contents, which can leak database credentials and enable unauthorized access to development or production systems.

Missing User Warnings

Medium
Confidence: 90%
Finding: The skill includes `git reset --hard` as a recovery step without any explicit warning that it permanently discards uncommitted changes in the working tree and index. In a workflow aimed at running multiple agents in the same repository, this is especially risky because users may execute it quickly during conflict recovery and unintentionally destroy unrelated local work.

VirusTotal

66/66 vendors flagged this skill as clean.