p3c-code-quality

Security checks across malware telemetry and agentic risk

Overview

The skill appears to create a purpose-aligned Markdown report, with only a minor need to make file-writing behavior clearer to users.

Before installing, expect the skill to create local Markdown report files in your workspace. Use it from a directory where that output is acceptable, and check file paths if you want to avoid clutter or accidental overwrite.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence: 84%
Finding
The skill explicitly instructs use of the Write tool to generate Markdown reports in the workspace, but it does not clearly warn the user up front that files will be created under a repository path. This can cause unexpected filesystem modifications, clutter repositories, and in some environments may overwrite or expose sensitive project artifacts if paths are user-controlled or misunderstood.

VirusTotal

66/66 vendors flagged this skill as clean.
