Legacy Code Addition Techniques

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent coding guide for adding tested changes to legacy code, with only normal repository edit authority and no hidden install or data-access behavior.

Install this only when you want an agent to edit legacy code and run tests in your repository. Review the resulting diff carefully because the skill is intended for time-constrained changes in areas that may lack existing tests, and treat the mismatched crypto/purchase tags as metadata noise rather than behavior shown in the artifact.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The manifest description contains many broad, conversational trigger phrases such as 'I have to add this feature fast', 'no time for a big refactor', and 'just need to log this', which could cause the skill to activate from ordinary developer chatter rather than an explicit request to use this specific technique. In an agentic coding environment, over-broad activation can steer users into making risky legacy-code changes under time pressure and bypass safer, more deliberate workflows.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal