YES.md 日本語版

Security checks across malware telemetry and agentic risk

Overview

This is a single-file Japanese engineering workflow skill that pushes agents toward evidence gathering, backups, and verification, with no executable code or hidden data access.

Install this where you want the agent to be more proactive about checking files, running diagnostics, making backups before risky edits, and verifying fixes. Keep approval gates enabled for shell commands, deployments, database changes, and any action that could affect real systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 92%
Finding
The activation criteria are so broad that the skill can trigger during a large fraction of normal engineering tasks, including debugging, implementation, deployment, and data work. An overly broad skill can override or crowd out more task-specific guidance, increasing the chance of workflow disruption, instruction conflicts, and unintended behavior across many sessions.

VirusTotal

62/62 vendors flagged this skill as clean.