Skylv Git Workflow Helper

Security checks across malware telemetry and agentic risk

Overview

This is a lightweight Git advice skill with no hidden execution, credential access, network behavior, or persistence.

Safe to install as a Git guidance skill. Review suggested Git commands before running them, especially reset, merge, rebase, rollback, or push commands, and confirm the target repository and branch first.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The skill metadata and description use broad Git-related trigger terms such as 'Git', 'commit', 'merge', 'branch', and 'conflict', which are common in normal developer conversations. This can cause the skill to activate unintentionally and steer responses when the user did not explicitly request this specific skill, increasing the risk of inappropriate command suggestions or context hijacking in routine workflows.

Natural-Language Policy Violations

Medium

Confidence: 77% confidence
Finding: The skill heading and documentation present the assistant as a Chinese-language helper without indicating language negotiation or user choice. If the runtime uses this documentation to shape behavior, users may receive responses in an unexpected language, which can reduce clarity for Git commands and increase the chance of operational mistakes during sensitive version-control tasks.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal