Fire

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed workflow for executing an existing coding plan, with no hidden scripts or credential handling found.

Install this only if you want the agent to carry out prepared coding plans with git branches/worktrees, test runs, commits, and possible subagent delegation. Use a specific instruction when invoking it, and review the plan first because the skill is designed to continue task-by-task once execution begins.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger description uses broad, common phrases like "fire," "execute the plan," and "build it," which can plausibly appear in normal conversation and cause unintended skill invocation. Because this skill performs execution-oriented actions against a codebase, accidental activation is more dangerous than for read-only or advisory skills.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal