Gist

Security checks across malware telemetry and agentic risk

Overview

This is a coherent GitHub Gist connector skill, with disclosed read/write/delete capabilities and user-confirmation rules for state-changing actions.

Install only if you want an agent to use your connected OOMOL/GitHub Gist account. Review payloads before create, update, star/unstar, fork, comment, or delete actions, and treat delete actions as irreversible unless you have backups.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The file describes `get_gist_comment` as a read operation, but the warning says it is a write action that changes Gist state and instructs the operator to confirm payload and intended effect before running. This documentation mismatch can mislead agents or users about the action’s safety properties, causing inappropriate handling, unnecessary confirmation flows, or incorrect trust assumptions about whether the call is state-changing.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill description says to use this skill for ANY Gist request and whenever a task involves Gist, which is an overly broad trigger. This can cause the agent to invoke a state-changing integration in situations where a narrower or read-only path would be safer, increasing the chance of unintended actions against the user's connected account.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal