Security audit

csharp-developer

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only C# development helper with no executable code, install hooks, credential handling, or hidden behavior found.

Reasonable to install for C#/.NET development help. Expect it to guide an agent to inspect and modify project code when you ask for development work, so review generated changes with version control, especially around authentication, cloud configuration, migrations, and deployment settings.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill defines broad behavior for a senior C# developer but does not clearly specify when it should be invoked versus other engineering skills. In an agent system, ambiguous activation boundaries can cause the wrong skill to take control, leading to overbroad access to project context, unintended actions, or unsafe delegation decisions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal