Workspace Standard

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a coherent workspace organizer, but its maintenance instructions include broad commit/push and cleanup commands that deserve review before installation.

Install only if you want an agent to help structure and maintain your workspace. Before running maintenance, inspect `git status` and `git diff`, do not let the agent run `git push` on its own, and preview destructive cleanup with `git clean -fdn` (dry run) before ever running `git clean -fd`. Treat generated memory/entity files as potentially sensitive: the checklist's `git add -A` stages them along with everything else that is untracked.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The README states the agent will 'automatically use' this skill when it needs to decide where to write things, add a project, or run maintenance, but it does not define narrow activation boundaries or require confirmation before state-changing actions. In an agentic environment, ambiguous auto-triggering can cause the skill to activate on routine requests and lead to unintended filesystem modifications such as bootstrapping directories or creating project files.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The recommended prompts are broad, natural-language phrases such as 'Bootstrap the workspace standard' and 'Migrate my docs/ folder to the new structure,' which overlap with common user requests and can trigger operational behavior without clear guardrails. In practice, this increases the chance of overbroad skill activation and unintended file creation, migration steps, or maintenance actions in contexts where the user may only want advice or a preview.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The skill states that the agent 'automatically reads this skill' and that users do not need to explicitly request it, with triggers based on broadly defined tasks such as deciding where to write something or running maintenance. This can cause the skill to activate in situations the user did not intend, increasing the chance that the agent performs filesystem-affecting guidance or maintenance-oriented actions in the wrong context. In a workspace-management skill, broad auto-invocation is more dangerous because it influences file placement, migration, and audit behavior across the whole repository rather than a narrowly scoped task.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The checklist instructs the agent/user to run `git add -A`, `git commit`, and `git push` as part of routine maintenance without any explicit confirmation, review, or guardrail before making and publishing repository changes. In an agent skill context, operational checklists can be translated directly into action, so embedding push commands increases the risk of unintended modification, disclosure, or publication of sensitive changes; `git add -A` in particular stages every untracked file, including any generated memory/entity files, before anyone has looked at them.
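The review steps from the overview (show pending changes, dry-run the cleanup, keep `git push` manual) and the `git add -A` / `git commit` / `git push` checklist in this finding, turned into a review-gated maintenance wrapper. This is an added example written for this page, not code from the Workspace Standard skill or from SkillSpector; the function names and the sensitive-path patterns (env files, private keys, the skill's generated memory/entity directories) are assumptions to adapt to your own workspace.

```shell
#!/bin/sh
# Added example, not part of the Workspace Standard skill or SkillSpector.
# Replaces the skill's "git add -A && git commit && git push" step with:
# show changes, dry-run cleanup, refuse to stage sensitive-looking paths,
# and never push. Helper names and patterns below are assumptions.

# Classify one path. Returns 0 (true) if it matches a pattern that should not
# be committed without a human looking at it: env files, private keys, and the
# agent's generated memory/entity files.
is_sensitive_path() {
  case "$1" in
    .env|*/.env|.env.*|*/.env.*) return 0 ;;
    *.pem|*.key|*id_rsa*|*id_ed25519*) return 0 ;;
    memory/*|*/memory/*|entities/*|*/entities/*) return 0 ;;
    *) return 1 ;;
  esac
}

# Read `git status --porcelain` lines ("XY path") on stdin and print the
# sensitive ones. Returns 0 if none were found, 1 otherwise.
flag_sensitive_from_status() {
  found=0
  while IFS= read -r line; do
    path=${line#???}          # column 4 onward is the path
    path=${path##* -> }       # renames appear as "old -> new"; keep new
    if is_sensitive_path "$path"; then
      echo "sensitive: $path"
      found=1
    fi
  done
  return $found
}

# Review-only preflight: what would be committed, and what `git clean -fd`
# would delete (-n is a dry run and removes nothing). Nothing here pushes.
preflight() {
  repo=$1
  git -C "$repo" status --short
  git -C "$repo" diff --stat
  git -C "$repo" clean -fdn
}

# Stage and commit only when nothing sensitive is pending. Pushing is left to
# the human after reviewing `git log -p -1`.
safe_commit() {
  repo=$1; msg=$2
  git -C "$repo" status --porcelain | flag_sensitive_from_status || {
    echo "refusing to commit: review the paths above" >&2; return 1; }
  git -C "$repo" add -A
  git -C "$repo" commit -q -m "$msg"
}

# Constructed `git status --porcelain` sample so the check can be exercised
# without a repository; two of the four entries should be flagged.
demo() {
  printf '%s\n' \
    ' M docs/README.md' \
    '?? memory/entities.json' \
    'R  old.txt -> .env.local' \
    'A  src/main.go' | flag_sensitive_from_status
}

# Usage: preflight . && safe_commit . "maintenance: reorganize docs"
```

The dry-run `git clean -fdn` is the important line for an agent to see before any `-fd`: untracked output such as memory or entity files is exactly what an unreviewed cleanup deletes or an unreviewed `git add -A` publishes.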

VirusTotal

66/66 vendors flagged this skill as clean.
