Security audit

J

Security checks across malware telemetry and agentic risk

Overview

This is a simple file-joining command reference; the main risk is accidental use from its one-letter name or careless wildcard/output commands.

Install only if you want a compact reference for merge and join commands. Before running generated commands, check wildcards like `*.txt` or `*.log`, confirm output filenames will not overwrite important files, and use explicit file lists for private or sensitive data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

High

Confidence: 98% confidence
Finding: Using a single-letter trigger like "j" is overly broad and highly collision-prone, making accidental invocation likely during normal conversation, code snippets, filenames, or shell commands. In an agent environment, unintended activation can cause the skill to suggest or perform file-merging operations on the wrong inputs, increasing the risk of data corruption, disclosure, or unsafe command generation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.