Back to skill

Security audit

GitFlow

Security checks across malware telemetry and agentic risk

Overview

This skill is clearly about GitHub/GitLab workflow automation, but it can push code and rerun CI using the user's credentials without documented confirmation or scope limits.

Install only if you want the agent to help push commits and interact with GitHub/GitLab CI. Before using it, require explicit confirmation for every push or rerun, verify the remote and branch, avoid broad tokens, and treat CI logs as potentially sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README states the skill will automatically push code and monitor pipelines across GitHub and GitLab, but it does not clearly warn users that invoking the skill may perform write actions against remote repositories. This can lead to unintended code publication, accidental triggering of CI/CD workflows, or changes being pushed under the user's credentials without informed consent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly promotes automatically pushing local commits and triggering remote CI/CD actions, but it does not provide safeguards, confirmation steps, scope limitations, or warnings about modifying remote repositories. In an agent/automation context, this can cause unintended code publication, pipeline execution, and side effects on production-adjacent systems, especially if invoked on the wrong branch or remote.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.