
Security audit

Gen Code

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed code-generation skill that can modify many project files, but its behavior matches its stated purpose and shows no hidden execution, credential theft, or exfiltration.

Install only in a version-controlled project. Use explicit /gen-code commands instead of broad natural-language triggers, review planned file lists and diffs before accepting --auto or scaffold initialization, and avoid putting real secrets into generated configuration placeholders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The intent-based trigger phrases are very broad everyday expressions such as '生成代码' ("generate code"), '写代码' ("write code"), and '帮我实现这个功能' ("help me implement this feature"), which can cause the skill to activate in contexts where the user did not intend this powerful automation. Because the skill can create directories, scaffold projects, update docs/tasks.md, and generate multiple code artifacts, accidental activation can lead to unintended repository modifications and unsafe chained actions.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The trigger list includes aliases and broad phrases that the skill's earlier trigger definitions do not consistently constrain, expanding the activation surface beyond what users may reasonably expect. In a skill with file-writing, task-updating, and auto-execution behaviors, inconsistent trigger scope raises the risk of unintended invocation and unreviewed repository changes.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The prompt instructs the agent to automatically update docs/tasks.md and mark tasks complete, but it does not prominently warn the user that repository files will be modified as a side effect. In an agentic coding skill, silent state changes can mislead users, overwrite planning artifacts, and create unauthorized or unintended commits, especially when paired with auto/continue workflows.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The automatic execution mode can process all pending tasks and generate code across multiple files without per-task confirmation, yet the prompt lacks a strong user-facing warning about the scale of changes. In this context, that is dangerous because a single invocation can trigger broad repository modifications, compounding mistakes and reducing user oversight.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The scaffold initialization section makes project bootstrapping mandatory when configuration files are missing, but it does not clearly warn that new directories, configuration files, and template content may be created. This is risky because it can materially reshape a repository or working tree in ways the user did not explicitly approve, especially in existing or misdetected projects.

VirusTotal

63/63 vendors reported this skill as clean.
