Back to skill

Security audit

Yaml Config Validator

Security checks across malware telemetry and agentic risk

Overview

This is a simple YAML review skill with disclosed promotional links and no executable code or hidden system access.

Before installing, note that the skill includes advertising and affiliate links. Avoid pasting secrets inside YAML, and treat any suggested local command as something to review before running, especially if it would contact a cluster or service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
79% confidence
Finding
The usage examples are broad enough that the skill could activate on loosely related YAML-analysis requests without clear boundaries. In an agent environment, overbroad activation can cause the skill to intercept unintended tasks, increasing the chance of prompt contamination, irrelevant behavior, or accidental disclosure of user-provided configuration content to skill logic not explicitly requested.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.