Security audit

GitHub Repo Guide PDF

Security checks across malware telemetry and agentic risk

Overview

This skill coherently turns a user-supplied GitHub repository into a Chinese Markdown/PDF guide, with expected GitHub access, local file output, and PDF-toolchain caveats.

Install only if you are comfortable letting the agent clone and summarize repositories you provide. For private or sensitive repos, remember that generated Markdown, PDF, and an intermediate build Markdown copy may remain in the workspace; use trusted local gh, pandoc, and TeX/PDF tooling, especially when converting untrusted repository Markdown into PDF.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill instructs the agent to use shell commands, read repository files, clone external content, and write Markdown/PDF outputs, but it does not declare the permissions or capability boundaries needed for those actions. This is dangerous because it hides meaningful side effects and expands the attack surface for unsafe repo content, unexpected filesystem changes, or shell misuse without explicit governance.

Missing User Warnings

Severity: Low
Confidence: 81%
Finding: The workflow explicitly clones a repository and writes Markdown/PDF files, but it does not warn about these filesystem changes or require confirmation. While the writes are limited to expected output artifacts, hidden side effects reduce user awareness and can be riskier when handling untrusted repositories or constrained environments.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.