changelog-page-generator

Security checks across malware telemetry and agentic risk

Overview

This is a simple changelog-page writing helper with no executable code or hidden privileged behavior.

Safe to install for changelog and release-notes page work. Be aware it may trigger on broad update-related wording, and keep local project-context files free of secrets or unrelated sensitive information.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger description is broad enough to match common terms like "updates" or "what's new," which can cause the skill to activate in contexts where the user did not specifically want changelog-page generation. In an agent system, overly broad routing can misdirect user requests, expose unrelated context to the wrong skill, or degrade reliability through unintended invocation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal