Software Data Github Interact Developer Helper

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only helper for GitHub-style developer workflows, with overly broad activation wording but no evidence of hidden execution, credential use, persistence, or data exfiltration.

Before installing, consider whether you want a broad GitHub/developer-workflow helper to be implicitly selectable. It appears safe as a documentation skill, but tighter triggers would reduce accidental use on unrelated software questions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (12)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger sentences are broad, repetitive, and partially truncated, which can cause the skill to activate for loosely related requests rather than explicit user intent. In an agent ecosystem, overbroad activation increases the chance of unintended invocation, context hijacking, or the wrong workflow being applied to sensitive software-development tasks.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are very broad and map to common terms like 'github', 'cli', 'issue', 'run', and 'api', which increases the chance this skill activates for unrelated user requests. In an agent environment, overbroad activation can route tasks to the wrong skill, causing unintended actions, confusion, or unsafe workflow execution in contexts the skill was not meant to handle.

Vague Triggers

High
Confidence
95% confidence
Finding
The skill description is scoped so broadly that it can match many ordinary software-help requests, causing unintended activation. Over-broad routing can expose users to the wrong workflow, create prompt/skill hijacking opportunities through ambiguous invocation, and reduce the reliability of safety boundaries between specialized skills.

Vague Triggers

High
Confidence
98% confidence
Finding
The keyword list includes highly generic terms such as 'run', 'api', 'issue', and 'github', which are common across many unrelated tasks. This makes accidental or adversarial triggering much more likely, potentially diverting requests into this skill when another safer or more appropriate skill should handle them.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The example trigger sentences are vague and effectively restate the broad requirement rather than showing crisp activation boundaries. This reinforces ambiguous matching behavior and makes it harder for both users and orchestrators to distinguish when the skill should or should not be selected.

Vague Triggers

High
Confidence
93% confidence
Finding
The trigger keyword list includes broad, common terms such as "run", "api", "issues", and "github", which can match many unrelated user requests and cause unintended skill activation. Over-broad activation can route conversations into an inappropriate workflow, increasing the chance of irrelevant guidance, prompt-scope confusion, or accidental execution of actions the user did not intend.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description defines a very broad scope covering software, data, GitHub, CLI, issues, workflows, analysis, and implementation support without clear boundaries for when the skill should or should not activate. This ambiguity makes accidental invocation more likely and may cause the system to apply this skill in contexts where its assumptions or workflow are not appropriate.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The example trigger phrases are generic help-seeking formulations and do not distinguish this skill from many other assistant tasks. Without negative examples or sharper task markers, these examples can bias matching toward over-activation, contributing to poor routing and unintended use of the skill.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The default prompt contains very broad, common terms like 'help me' and generic workflow language that can match many unrelated user requests, increasing the chance of unintended skill activation. In combination with a helper skill that can influence development and GitHub-style workflows, this can cause unprompted routing into the skill, exposing users to irrelevant or potentially risky actions.

Vague Triggers

Medium
Confidence
96% confidence
Finding
Enabling implicit invocation without tightly scoped activation constraints allows the platform to auto-select this skill based on ambiguous user intent. Because the skill is positioned as a broad developer helper for bugs, hardening, reliability, and adjacent workflows, accidental invocation is more likely and could steer conversations or actions in ways the user did not explicitly request.

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger sentence is extremely broad and begins with generic language like 'Help me', which can overlap with ordinary user requests unrelated to this skill. In an agent-routing system, this can cause accidental invocation, misrouting, and unintended exposure of the skill's behavior in contexts where a more specific or safer skill should have been selected.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The phrase 'I need a practical workflow for ...' lacks clear activation boundaries because 'practical workflow' is generic and applicable to many unrelated tasks. This ambiguity increases the chance that the skill activates outside its intended scope, leading to confused routing, incorrect assistance, or suppression of a more appropriate skill.

VirusTotal

63/63 vendors flagged this skill as clean.
