Security audit

myfirstgit

Security checks across malware telemetry and agentic risk

Overview

This is a simple GitHub CLI helper whose GitHub read and issue-creation abilities are disclosed and fit its purpose.

Install this only if you want an agent to use your currently authenticated GitHub CLI account. Before creating an issue, check the active GitHub account, target repository, title, and body, because the issue will be posted using that account's permissions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 86% confidence
Finding: This markdown file describes a `create-issue` command that performs a remote write operation on GitHub, but it does not warn the user that it will create persistent content in a repository. For markdown files, user-affecting operations that can change data or system state should be disclosed so users understand the impact before invoking the skill.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal