Github 1
Security checks across malware telemetry and agentic risk
Overview
This skill is a small GitHub helper that tells an agent how to use the GitHub CLI, with no hidden code, install script, persistence, or scanner findings.
Install only if you want your agent to use your existing GitHub CLI access. Review the repositories and permissions available to `gh`, because future agent actions using this skill may read or change GitHub data if you ask for write operations.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.