Back to skill

Security audit

angular-architect

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a normal development/architecture helper, with only a minor scope clarity concern around its broad invocation wording.

Install this only if you want an agent to help inspect and modify code for architecture-related development work. Review its changes before applying them, especially because the trigger wording is broad and could be made more specific.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill activates on a very generic condition ('When invoked') and immediately directs broad architectural analysis and implementation actions without clear scope, authorization boundaries, or trigger constraints. In an agent environment, this can cause the skill to engage in unintended contexts, leading to overreach, unnecessary access to project context, or unsafe modifications beyond the user's actual request.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.