Agent Bug Hunter

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only bug-hunting skill whose broad debugging powers are disclosed and fit its purpose.

Install this for repositories where you want an agent to proactively inspect, test, and possibly edit code. Because its triggers are broad, be deliberate when invoking it for vague debugging or audit requests, and review any shell commands or code changes before accepting them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 90%
Finding
The activation criteria are broad enough to capture common, ambiguous requests such as general debugging, security audits, or vague reports like 'something's wrong.' In an agent-routing system, this can cause the skill to be invoked outside its narrowly intended scope, expanding access to powerful tools and specialized instructions in situations where a less-privileged or more appropriate skill should handle the request.

VirusTotal

57/57 vendors flagged this skill as clean.
