GitHub Workflow

Security checks across malware telemetry and agentic risk

Overview

This skill gives broad GitHub workflow instructions, but its repository, credential, and release actions are disclosed and aligned with its stated purpose.

Install this if you want the agent to enforce a structured GitHub workflow. Before approving actions, confirm the target repository and GitHub account, prefer least-privilege tokens, require explicit approval for merges, releases, secret changes, branch protection, archives, or deletes, and keep credentials out of work logs and command output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger list is extremely broad and includes common terms like GitHub, git, repo, branch, merge, commit, and issue, which can appear in many ordinary discussions. This can cause the skill to activate outside its intended scope and impose workflow actions or behavioral directives in contexts where they are unnecessary, increasing the chance of unintended command suggestions or disruptive behavior.

VirusTotal

64/64 vendors flagged this skill as clean.
