GitHub

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed GitHub connector skill that can read and modify GitHub data through OOMOL, with confirmation instructions for write and destructive actions.

Install this only if you want an agent to operate GitHub through your OOMOL-connected account. Review the GitHub scopes you grant, and require confirmation before merges, file changes, issue or pull request edits, workflow reruns, label changes, reviewer changes, or deletion/removal actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The skill description is excessively broad: it directs the agent to use this skill for ANY GitHub request, including reading, creating, updating, and deleting data. In an agentic environment, such a catch-all trigger can cause unintended invocation of a high-privilege skill, increasing the chance of unnecessary access to connected GitHub data or accidental state-changing operations when a narrower skill or direct user clarification would be safer.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal