Github repository quickstart

Security checks across malware telemetry and agentic risk

Overview

The skill appears aimed at GitHub repository help, but its broad automatic activation is under-scoped for a tool that can contact an external GitHub MCP service.

Review before installing. Use it only if you want GitHub MCP-assisted repository analysis, keep any GitHub token or session limited to the minimum repositories and scopes needed, and prefer disabling implicit invocation or requiring confirmation before external GitHub lookups.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger conditions are broad enough to activate on many generic repository-help requests, which can cause the agent to invoke this skill outside its narrowly intended scope. Over-broad activation increases the chance of inappropriate tool use, unnecessary repository inspection, and incorrect task routing, especially when a user only wants lightweight advice rather than structured repo analysis.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill enables implicit invocation without defining any narrow trigger constraints, exclusions, or confirmation requirements. Because this skill can contact an external GitHub MCP service, broad auto-invocation increases the chance it will be triggered in contexts the user did not clearly intend, causing unintended repository lookups and data transmission.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal