Security audit

Checkpoints

Security checks across malware telemetry and agentic risk

Overview

This is a coherent audit-log skill, but it asks agents to persist sensitive prompt, conversation, and reasoning context in commit-linked records without strong consent or sharing controls.

Install only if you intentionally want commit-linked AI audit records. Before using it, set a project rule that checkpoints store sanitized summaries by default, never include secrets or hidden/system instructions, require confirmation before writing or committing checkpoint files, and use external checkpoint services only when approved for the repository's data.

SkillSpector
By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (5)

Missing User Warnings
Severity: High (96% confidence)
Finding: The skill explicitly instructs the agent to record prompts, conversation history, reasoning steps, decision logic, and metadata tied to commits, but it does not require an explicit consent flow, minimization policy, or prominent warning about the sensitivity of that data. This creates a substantial risk of storing secrets, personal data, proprietary code context, and internal deliberations in durable artifacts that may later be committed, shared, or exfiltrated.

Missing User Warnings
Severity: High (98% confidence)
Finding: The skill permits uploading checkpoint contents to an external system or service, but it does not mandate disclosure that prompts, repository context, metadata, and reasoning-related content may leave the local environment. This can result in unintended transmission of confidential source code, user data, credentials, or sensitive development context to third parties.

Ssd 3
Severity: Medium (95% confidence)
Finding: Binding prompts, conversation history, reasoning steps, and metadata to commits creates a durable retention channel for highly sensitive natural-language and model-generated data. In the context of source control, such records can spread widely through clones, remotes, PRs, backups, and audit systems, increasing the blast radius of any secret, personal data, or confidential design detail captured in the checkpoint.

Ssd 3
Severity: Medium (97% confidence)
Finding: The skill specifically instructs preservation of prompts, dialogue summaries, and model reasoning in checkpoint records, normalizing retention of data that often contains secrets, private user instructions, system prompts, internal architecture decisions, or security-sensitive context. Because these artifacts are meant to be associated with commits, they are likely to become long-lived and discoverable by others with repository access.

Ssd 3
Severity: Medium (96% confidence)
Finding: The example checkpoint schema includes raw prompts and reasoning steps, which encourages implementers to persist sensitive user input and internal deliberation as a standard practice. Providing this as the canonical format materially increases the chance that downstream users will store confidential or policy-restricted data in files that may be versioned, synced, or externally processed.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.