Sovereign Commit Craft

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for writing commit messages and release text, with no evidence of hidden execution, data collection, or persistence.

Reasonable to install for commit-message, changelog, release-note, and PR-description help. Because it works from diffs and commit histories, review generated text before use and avoid pasting private keys, tokens, customer data, or sensitive internal URLs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Unbounded Resource Access

Medium

Category: Excessive Agency
Content: feat(api): add Redis-backed rate limiting to all API routes The API had no protection against abuse or accidental traffic spikes. A single client could overwhelm the server with unlimited requests, degrading service for all users. Add a configurable rate limiter using Redis sliding window counters.
Confidence: 80% confidence
Finding: unlimited requests

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal