Aegis Audit

Security checks across malware telemetry and agentic risk

Overview

Aegis Audit appears to be a disclosed security-auditing skill; its main risk is an optional LLM mode that can send scanned code to third-party providers if the user enables it.

Install only if you are comfortable letting the skill read the code you ask it to audit. Keep LLM analysis off for private or regulated code unless you have approved the provider and data handling terms, and avoid scanning secrets or credentials.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Harmful Content Injection

Critical

Category: Prompt Injection
Content: --- ## Vibe Check personas Aegis assigns each scanned skill a persona based on deterministic analysis: - **Cracked Dev** — Clean code, smart patterns, minimal permissions. - **LGTM** — Permissions match the intent, scopes are sane, nothing weird. - **Trust Me Bro** — Polished on the outside, suspicious on the inside. - **You Sure About That?** — Messy code, missing pieces, docs that overpromise.
Confidence: 95% confidence
Finding: kill a person

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal