pr-pilot

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate pull request management skill, but it can push code and use your GitHub account, so repository actions should be reviewed before running.

Install this only if you want PR workflow help. Before allowing commands, confirm the exact repository, branch, staged files, PR title and body, comments, and any force-push or merge-conflict steps. Prefer least-privileged GitHub auth and avoid pasting long-lived tokens into chat or logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (92% confidence)
Finding
The manifest description is broad enough to trigger on routine repository and coding tasks, which can cause the agent to enter a high-authority workflow involving git pushes, PR creation, review replies, and status monitoring without sufficiently narrow user intent. In this skill, that matters because activation can lead to actions against remote repositories and use authenticated GitHub CLI access, increasing the blast radius of accidental invocation.

Vague Triggers

Low (88% confidence)
Finding
The use cases are framed very broadly, so the skill may match many normal development scenarios instead of only PR-lifecycle tasks. Although the content is operational rather than overtly malicious, the context includes authenticated GitHub actions and repository interaction, so ambiguous activation can still cause unintended external actions or workflow hijacking.

VirusTotal

65/65 vendors flagged this skill as clean.
