Zod Complete Documentation

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Zod reference skill with no evidence of hidden actions, credential access, persistence, or code execution.

This skill appears safe to install as a local Zod documentation helper. Be aware it may activate on broad validation or TypeScript-related prompts, so verify against official Zod documentation when exact version accuracy matters.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The README states the skill triggers automatically for broad topics like validation, schema definition, type inference, error handling, and form validation. Those are common developer subjects, so an overly broad trigger can cause the skill to activate in unrelated contexts, increasing prompt-surface exposure and the chance that the agent uses this documentation when it was not the most appropriate source.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal