Back to skill

Security audit

open-source-strategy

Security checks across malware telemetry and agentic risk

Overview

This is a text-only open-source strategy guide with no executable behavior, though its trigger wording and metadata are broader than ideal.

Safe to install as a strategy/reference skill. Consider narrowing the trigger wording and correcting the unsupported crypto/purchase capability tags so it is invoked only for open-source commercialization, growth, licensing, and community strategy questions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The activation description is very broad and includes many loosely related trigger terms such as product names and adjacent concepts, which can cause the skill to be invoked when the user did not actually request open-source strategy guidance. Over-broad routing is a real security and safety issue because it increases unintended tool/skill activation, expands the attack surface for prompt injection via irrelevant contexts, and can override a more appropriate specialized skill.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.