Security audit

gstack-review-skill

Security checks across malware telemetry and agentic risk

Overview

This is a code-review helper that may inspect repository changes and run tests, lint, or build commands, but that behavior is disclosed and fits its purpose.

Install this if you want an agent to perform hands-on code reviews in your repositories. Use caution on untrusted projects because tests, lint, build, and npx commands can run repository-controlled code; ask the agent to inspect files only if you do not want commands executed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding: The trigger text is broad enough to activate on many ordinary user requests about code review, without clear boundaries or disambiguation. In agent systems, overly broad activation can cause the skill to run unexpectedly, increasing the chance of unintended command execution, repository inspection, or noisy/autonomous behavior outside the user's precise intent.

Vague Triggers

Medium
Confidence: 84%
Finding: The instruction 'When asked to review code' is an ambiguous activation condition that does not define what qualifies as a review request or what scope should be assumed. This can lead the agent to gather context, inspect diffs, and run tests in situations where the user did not explicitly authorize those actions.

VirusTotal

65/65 vendors flagged this skill as clean.