
Security audit

Software Data Github Interact Developer Helper 002325

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only developer workflow skill with overly broad trigger wording, but it contains no executable code, hidden data access, persistence, or destructive behavior.

Install this only if you want a broad GitHub-style development workflow helper. Expect it to influence answers for common development requests because implicit invocation is enabled; review its output before applying code changes or commands, and prefer explicit invocation when possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger sentences are broad, truncated, and overlap with common software-support requests, which can cause the skill to activate outside its intended scope. In an agent ecosystem, ambiguous activation boundaries increase the chance of unintended routing, prompt/context confusion, and misuse of the skill for actions it was not designed to handle.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are broad, repetitive, and include common terms like 'github', 'cli', 'issue', 'run', and 'api', which can cause the skill to activate in contexts far beyond its intended scope. In an agent ecosystem, over-broad invocation increases the chance of unintended workflow execution, context hijacking, or the wrong skill handling sensitive repository or automation tasks.

Vague Triggers

High
Confidence
96% confidence
Finding
The skill description is broad enough to activate on many common software, GitHub, CLI, or issue-related requests that may not actually need this specialized workflow. Over-broad routing can cause the wrong skill to be selected, leading to irrelevant guidance, unintended authority over user tasks, and increased exposure to downstream risky actions in unrelated contexts.

Vague Triggers

High
Confidence
98% confidence
Finding
The trigger list includes highly ambiguous terms like 'run', 'api', 'issue', and 'github' without qualifiers or negative examples, making accidental invocation very likely. In an agent environment, this can misroute a wide range of unrelated requests into a skill that may propose code, commands, or operational workflows the user did not intend to invoke.

Vague Triggers

High
Confidence
95% confidence
Finding
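The trigger keywords include very generic words such as 'run', 'api', and 'issue', which significantly widens the range in which the skill is automatically matched or mistakenly invoked. In an agent system, such false triggers can cause unrelated requests to be taken over by this skill, leading to incorrect actions, unauthorized workflow intervention, or misinterpretation of the user's intent.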

Vague Triggers

Medium
Confidence
87% confidence
Finding
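The applicability conditions in the skill description are broad: wording such as 'practical workflow, artifact, checklist, analysis, or implementation support' can cover a large share of development requests, yet it sets no clear boundaries. For an agent that routes based on descriptions, this over-expands skill selection, so the skill may be enabled even outside GitHub interaction scenarios.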

Vague Triggers

Medium
Confidence
90% confidence
Finding
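The example trigger sentences use broad everyday phrasing such as 'I need a practical workflow...' and reuse large passages of generic requirement description, with no specific contextual constraints. In example-learning or template-matching scenarios this amplifies the probability of false triggering, causing the system to wrongly map ordinary help requests to this skill.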

Vague Triggers

Medium
Confidence
94% confidence
Finding
The default prompt is overly broad and uses common workflow language like helping with bugs, hardening, reliability, and implementation support as an invocation cue. Because implicit invocation is enabled, this can cause the skill to activate in situations the user did not clearly intend, pulling the agent into GitHub-style workflows unexpectedly and increasing the chance of prompt-routing mistakes or overbroad tool use.

Vague Triggers

High
Confidence
94% confidence
Finding
The trigger sentence begins with a very broad everyday phrase ('Help me') tied to a long generic requirement description, which can cause the skill to activate for many unrelated requests. Over-broad activation increases the chance of accidental invocation, context hijacking, or routing a user into a workflow they did not explicitly request.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger guidance is too open-ended and does not define clear activation boundaries, so the skill may match vague software-related requests that do not actually need this capability. In an agent-routing context, ambiguous scope can lead to incorrect tool selection, unintended execution paths, and reduced safety because the skill may be invoked outside its intended GitHub/CLI/issue-management domain.

VirusTotal

62/62 vendors flagged this skill as clean.
