security-auditor

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only security auditing prompt with broad but disclosed defensive-audit guidance and no install hooks or hidden execution.

Install only if you want an agent helper for authorized security review. Define scope before use, and do not use it to scan, test, or exploit systems unless you own them or have explicit permission.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description is very broad and can cause the agent to invoke this skill in many loosely related contexts without clear boundaries or exclusions. Overly permissive routing increases the chance of inappropriate use, which can lead to over-collection of sensitive inputs, unsafe security advice in the wrong context, or confusion between audit-only guidance and operational or exploit-oriented actions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal