Phy Pipeline Contract Enforcer

Security checks across malware telemetry and agentic risk

Overview

This is a local data-schema checking skill with no evidence of hidden network use, credential access, persistence, or destructive behavior.

Install only if you want an agent to analyze pipeline samples, contracts, or selected pipeline directories. Review any generated shell or Python command before running it, and avoid pointing the skill at broad folders or samples containing unrelated sensitive data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list includes broad natural-language phrases such as 'my downstream job broke', 'schema drift', and 'unexpected null' that are common in ordinary debugging conversations. This can cause the skill to activate when the user did not intend to invoke it, potentially pulling the interaction into schema-analysis workflows and causing incorrect tool routing or unnecessary exposure of local files/data samples for analysis.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal