architecture designer

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only architecture guidance skill, with no executable code or hidden high-risk behavior found.

Reasonable to install for architecture planning and ADR support. Review the external setup-guide link before following it, and treat any future request for OAuth tokens or API keys as outside what this skill’s local artifacts require.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger list contains very broad terms such as "architecture," "system design," "design pattern," and "infrastructure," which are common in normal engineering discussions. This can cause the skill to activate in situations where the user did not intend to invoke an architecture specialist, increasing the chance of prompt-context hijacking, irrelevant guidance, or accidental delegation to a higher-authority workflow.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The description instructs use for broad categories like "designing new system architecture," "reviewing existing designs," and "making architectural decisions" without defining what level of specificity or user intent is required. In agentic systems, vague invocation guidance can expand the skill's authority surface and lead to unintended activation during ordinary planning or discussion, which increases the risk of unsafe context switching and overbroad tool use.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal