fullstack-developer

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only full-stack development helper with broad but disclosed engineering scope and no executable install behavior.

Reasonable to install if you want a broad full-stack engineering assistant. Review generated changes carefully before applying database migrations, authentication changes, infrastructure, CI/CD, or deployment steps.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill is broadly defined as a general-purpose fullstack developer and does not clearly constrain when it should be invoked or what requests are out of scope. In an agentic environment, this ambiguity can cause over-broad activation on sensitive tasks across backend, frontend, auth, deployment, and infrastructure, increasing the chance of unsafe autonomous changes or inappropriate authority expansion.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal