Security audit

Git Conflict Resolver / Git 冲突解决助手

Security checks across malware telemetry and agentic risk

Overview

This skill is a lightweight Git conflict-resolution prompt with no bundled executable code, but users should review any automated merge results before committing.

Install only if you are comfortable with an assistant attempting to resolve Git conflicts. Run it in a clean working tree, review git status and git diff carefully, and commit only after confirming the merged files are correct.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 90%
Finding
The quick-start command explicitly states it will automatically resolve all detected merge conflicts and then stage the resulting files, but the skill provides no warning that it modifies repository contents and index state. In a merge-conflict context, automated resolution can silently discard one side of a conflict, introduce broken code, or stage unintended changes, increasing the chance of accidental loss or unsafe commits.

Missing User Warnings

Medium
Confidence: 85%
Finding
The overall skill description repeatedly promotes one-click automatic conflict resolution without any caution about repository mutation, semantic merge errors, or the need for human review. Because merge conflicts often occur in sensitive code and configuration, presenting automation as frictionless can mislead users into trusting destructive changes that may not be correct.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.