Phy Regex Audit

Security checks across malware telemetry and agentic risk

Overview

This is a local, instruction-only regex security audit skill that reads source files to find risky regex patterns and does not request credentials, network access, persistence, or mutation authority.

Install this if you want an agent to audit code for ReDoS and regex quality issues. Use explicit commands like /regex-audit with a specific file or directory, and avoid scanning folders that contain unrelated secrets or private material.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The trigger phrases are broad enough to activate on ordinary conversation such as asking whether a regex is safe or discussing regex performance. In an agent environment, overbroad activation can cause unintended skill invocation, expanding the attack surface for prompt injection, data over-collection, or disruptive behavior if the skill scans repositories when not explicitly requested.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal