spec-executor

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent spec-first coding workflow; its file edits, testing, and commits are expected for that purpose and are paired with phase checks and user confirmation.

Install this only if you want an agent to manage a structured coding workflow in your repository. Before allowing it to proceed, confirm the active phase and task, review generated specs/tasks, and treat code edits or commits as normal but user-directed project changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The example trigger phrase means 'you can start implementing now,' which is close to ordinary user conversation and could accidentally activate execution behavior if matching is not tightly scoped. In a skill that performs task progression, file updates, and commits, ambiguous triggering increases the chance of unintended state changes or autonomous action without sufficiently explicit user consent.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The continuation phrase 'Continue from where you left off' is very broad and commonly appears in normal conversation, making it prone to accidental or prompt-injected resumption of prior work. Because this skill is specifically designed for session recovery and continuing task execution, an unconstrained continuation trigger is more dangerous: it may resume code changes, task updates, or commits based on stale or attacker-influenced context.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal