github-fetcher

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple GitHub repository fetcher. Its network use is expected for its purpose, and it does not request credentials, persistence, or local data access.

Install this if you are comfortable with the agent contacting GitHub whenever you ask it to inspect a GitHub repository. Avoid using it with private repositories unless you separately review and control any authentication method; fetching code and executing code are different actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding
The skill’s trigger criteria are broad enough that it may activate on many ordinary references to GitHub repositories or vague requests to 'analyze' a project, increasing the chance of unintended invocation. Because the skill then instructs the agent to perform network requests automatically, overbroad activation materially increases the likelihood of external requests being made without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill directs the agent to use curl to contact GitHub endpoints and retrieve repository contents, but it provides no user-facing disclosure or consent step for making external network requests. This creates a privacy and policy risk because user-supplied repository references, analysis targets, and access patterns may be transmitted to third parties automatically.

VirusTotal

66/66 vendors flagged this skill as clean.
