Upstream Recon

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only helper for read-only GitHub project research, with no evidence of hidden code, persistence, or account-changing behavior.

Install this only from a source you trust, and expect it to use the GitHub CLI to read public repo issues, PRs, comments, and metadata. Keep control over any follow-up write actions, such as opening an issue, submitting a PR, or posting a comment; the skill should advise on those actions, not perform them without your explicit direction.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list includes broad phrases such as "check the project" and a catch-all condition like using it "any time the user wants to interact with a repo they don't maintain," which can cause the skill to activate in situations beyond its intended scope. Over-broad activation can lead to unnecessary execution of GitHub reconnaissance actions, creating confusion, wasted resources, and unintended interaction with repositories when the user did not explicitly request this workflow.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal