Back to skill

Security audit

Guru

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed, read-only Guru connector that uses the OOMOL CLI to search and read Guru content from the user's connected account.

Install this if you want Codex to search and read Guru content through your OOMOL-connected Guru account. Be aware that ambiguous mentions of Guru could route to this skill, so users should phrase requests clearly when they do or do not want organizational Guru content accessed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger text instructs the agent to use this skill for "ANY Guru request," which is broader than necessary and can cause the skill to be invoked for loosely related mentions of Guru rather than only clear requests to search or read Guru data. Overbroad routing increases the chance of unintended tool use and accidental access to enterprise knowledge content when a narrower match or explicit user intent check would have avoided invocation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.