Galdr

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed, user-directed guide for using an external music-analysis CLI, with no hidden persistence or credential access in the reviewed artifacts.

Install galdr only from the listed PyPI or GitHub source, preferably in a virtual environment. Review generated prompts before sending them to external model tools, especially if the audio or derived context is private or sensitive.

SkillSpector

By NVIDIA

Vulnerability Patterns

Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Unvalidated Output Injection

High

Category: Output Handling
Content: ) slug = re.search(r"Slug\s*:\s*(\S+)", fetch.stdout).group(1) prompt = subprocess.run( ["galdr", "assemble", slug, "--template", "arc", "--mode", "full"], capture_output=True, text=True, check=True ).stdout
Confidence: 83% confidence
Finding: subprocess.run( ["galdr", "assemble", slug, "--template", "arc", "--mode", "full"], capture_output

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal