Back to skill

Security audit

Software Data Github Interact Developer Helper

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a broadly scoped GitHub/developer workflow helper, with no artifact-backed evidence of hidden actions, data theft, destructive behavior, or unsafe persistence.

Install only if you want a general GitHub/developer workflow helper. Because its trigger wording appears broad, review when it activates and avoid letting it run repository or GitHub actions unless you explicitly asked for that task.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are broad, generic, and partially templated, which increases the chance that the skill activates in contexts only loosely related to GitHub workflow assistance. In an agent ecosystem, overbroad activation can cause the wrong skill to be selected, leading to unintended actions, confusing delegation, or execution of workflows against repositories/issues when the user did not clearly request that behavior.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases are broad, repetitive, and partially template-like, so they can match loosely related user requests and cause the skill to be invoked outside its intended scope. In an agent ecosystem, unintended invocation can route users into workflows that perform GitHub-style issue, CLI, or implementation assistance when the user only mentioned adjacent terms, increasing the chance of inappropriate actions or confused task execution.

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger keyword list is overly broad and includes generic terms like 'run', 'api', 'issues', and 'github', which are likely to appear in many unrelated user requests. This can cause unintended invocation of the skill, leading the agent to apply the wrong workflow or expose capabilities in contexts where they were not intended.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The example trigger sentences use vague everyday phrasing and effectively encourage activation from broad natural-language requests. Because the examples lack clear boundaries or disambiguation rules, they increase the chance of accidental routing to this skill when users are asking for general software help rather than this specific GitHub-interaction workflow.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger keywords are very broad and include common terms like github, cli, issue, run, api, issues, prs, and bug fix. This can cause the skill to activate for many unrelated developer requests, leading to misrouting, over-broad authority, or accidental use in contexts where a narrower skill should apply.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description defines its usage scope in very broad terms such as helping with software-and-data, github, interact, cli, issue, or practical workflows, artifacts, checklists, analysis, or implementation support. Because these categories overlap heavily with normal development tasks, the skill may be invoked outside its intended purpose, increasing the risk of incorrect task capture or policy bypass through ambiguous routing.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The default prompt is broadly phrased around common development tasks ('help me', 'fixing bugs', 'hardening', 'workflow') without meaningful scoping or explicit invocation constraints. This can cause the skill to be implicitly selected for ordinary user requests, increasing the chance of prompt hijacking, unintended routing, or overbroad access to workflows the user did not specifically request.

Vague Triggers

High
Confidence
93% confidence
Finding
The trigger sentence begins with a very broad phrase ('Help me') and then appends a long generic requirement description, making accidental invocation plausible from ordinary user text. In an agent-routing context, overly broad triggers can cause the wrong skill to activate, exposing users to unintended workflows, confusing outputs, or unsafe action suggestions in contexts that did not actually request this skill.

Vague Triggers

Medium
Confidence
88% confidence
Finding
Although the sentence adds more context, it is still ambiguous because it describes a broad class of software-help needs rather than a narrowly scoped operation. This can lead to misrouting for many benign development requests, causing the skill to over-match and potentially steer users into irrelevant or higher-risk GitHub-style actions they did not intend.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.