Back to skill

Security audit

Ai C Plan

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about automating project work, but it can make broad code, database, git, and hard-coded path changes with limited user checkpoints.

Install only in a trusted development repository, preferably on a disposable branch with backups. Confirm the hard-coded AI-C paths are yours, review the plan and architecture files first, and make sure database settings point only to local or disposable development databases before allowing autopilot, migrations, git add ., or automatic commits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill advertises broad autonomous execution over project plans without clear trigger boundaries or scoped guardrails. In practice, this can cause the agent to perform unintended repository-wide modifications whenever invoked, increasing the risk of unsafe actions and surprise changes.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
These instructions authorize automatic file creation, config generation, migrations, testing, and git commits without an explicit user warning about repository impact. That combination materially increases the chance of integrity-impacting changes, especially schema changes and persisted commits, before a user can review them.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The autopilot section explicitly instructs the agent to proceed without approval, persist progress, and even initialize git if needed. This is dangerous because it normalizes unattended repository mutation and state persistence, which can alter provenance, history, and working tree state without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.