django-developer

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Django development helper; the main caution is that its marketplace capability tags mention crypto and purchases even though the skill text does not request or enable those actions.

Reasonable to install as a Django coding guidance skill. Use it in scoped Django/DRF work, review generated migrations, authentication, deployment, and payment-related code before applying it, and do not treat the crypto or purchase tags as evidence that the skill safely handles those domains.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 81% confidence
Finding: The skill says 'When invoked' and then prescribes broad actions, but it does not define clear trigger conditions, boundaries, or when the skill should decline out-of-scope requests. In a multi-agent system, ambiguous invocation can cause the Django skill to activate on loosely related tasks and influence architecture, code generation, or security-sensitive decisions outside its intended scope.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal