Back to skill

Security audit

Project Context Generator For AI

Security checks across malware telemetry and agentic risk

Overview

This skill coherently creates a local .ai-context documentation folder for coding agents, with no evidence of credential access, exfiltration, or unrelated behavior.

Install this only for repositories where you want an agent-generated .ai-context folder. Run it from the intended project root, review any existing .ai-context contents first, and check git status or use a branch before running the Bun helper because it writes persistent documentation files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill directs the agent to create a `.ai-context/` tree and generate multiple files, but it does not clearly warn that existing documentation may be created, modified, or overwritten inside the repository. In practice, this can lead to unintended repository changes, loss of existing docs, or agent actions the user did not realize were destructive or state-changing.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.