Launchthatbot Git Team Ops
Security checks across malware telemetry and agentic risk
Overview
This skill is a disclosed GitHub workflow helper; its senior powers are high impact but are purpose-aligned, PR-based, and not hidden.
Install this only for repositories where agent-driven GitOps is intended. Prefer managed or BYO GitHub App mode with minimal repository permissions, avoid broad PATs, and review the workflow and CODEOWNERS bootstrap PR before merging. Treat senior mode as privileged because it can merge PRs and trigger release or deployment workflows.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.