Back to skill

Security audit

Software Data Github Interact Developer Helper

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be an over-broad workflow helper, but the supplied evidence does not show malware, hidden data access, or destructive behavior.

Install only if you want a broadly triggered GitHub/software workflow helper. Review its activation phrases and disable implicit invocation if you need tighter control over when it runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrases are broad, repetitive, and partially generic (for example, 'Help me', 'I need a practical workflow', and a long requirement fragment), which can cause the skill to activate in contexts the user did not intend. In an agent environment, overbroad activation can route unrelated requests into this skill, leading to incorrect handling, confusion, or unsafe workflow recommendations being applied to the wrong task.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrases are extremely broad and can match ordinary requests like general help with workflows or practical support, causing the skill to activate outside its intended scope. In an agent ecosystem, this can lead to inappropriate routing, unexpected execution paths, and increased exposure to any unsafe behavior contained in the skill.

Vague Triggers

High
Confidence
97% confidence
Finding
The skill description is so broad that it can match a large range of ordinary software-development requests, increasing the chance of unintended activation. Over-broad routing can cause this skill to intercept prompts outside its intended scope, leading to incorrect tool use, policy bypass opportunities, or suppression of more appropriate specialized skills.

Vague Triggers

High
Confidence
98% confidence
Finding
The trigger keywords include very common, high-collision terms such as 'github', 'cli', 'issue', 'run', and 'api' without contextual constraints. These terms are likely to appear in many unrelated prompts, making accidental activation probable and expanding the skill's effective authority beyond its intended purpose.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The example trigger sentences are truncated and malformed, so they do not clearly communicate when the skill should or should not activate. Ambiguous examples train or encourage permissive matching behavior, which can further increase accidental invocation and user confusion.

Vague Triggers

High
Confidence
96% confidence
Finding
The trigger keywords include very broad generic terms such as "run", "api", "issue", and "github", which can cause the skill to activate in many unrelated conversations. Overbroad activation increases the chance that the skill injects irrelevant workflow guidance into contexts where another skill or safer default behavior should apply, creating routing confusion and possible policy bypass by accidental invocation.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The description says the skill should be used for broad categories like software-and-data, github, interact, cli, and issue, but does not define clear inclusion and exclusion criteria. That ambiguity can cause the orchestrator or user to apply the skill outside its intended scope, leading to incorrect assistance, overreach into unrelated tasks, and unsafe assumptions about authority or applicability.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill enables allow_implicit_invocation without any visible guardrails, narrow trigger conditions, or explicit consent boundaries. That makes it easier for the platform to auto-route ordinary GitHub, software, or workflow-related requests into this skill unexpectedly, increasing the risk of overbroad activation, prompt collision, and unintended execution of the skill's workflow in contexts the user did not clearly request.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The default prompt uses broad, everyday phrasing such as 'help me' and general software/GitHub workflow language, which is likely to overlap with many benign user requests. In combination with implicit invocation, this broad prompt increases the chance of accidental triggering or routing, causing the skill to activate in situations where the user did not specifically intend to use it.

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger sentence is broad enough to match ordinary user phrasing rather than a clearly scoped invocation, which can cause the skill to activate in unintended contexts. In an agent system, overbroad activation can route unrelated requests into this skill, leading to incorrect actions, confusing outputs, or unsafe workflow execution assumptions.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The invocation description relies on ambiguous natural-language phrasing and does not define clear boundaries for when this skill should or should not run. Because the skill covers a wide range of software-and-data tasks, ambiguous routing increases the chance of accidental invocation and misapplication to requests outside its intended scope.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.