Back to skill

Security audit

Build Session

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about running autonomous build sessions, but it can cause an agent to edit, commit, and push repository changes without enough built-in user control.

Install only for intentionally autonomous build sessions in an isolated repository or branch. Require human review before commits or pushes, inspect diffs, avoid blind git add -A, and run secret checks before any remote publication.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill frames itself as a general-purpose framework for autonomous building sessions, which makes it easy to invoke in many normal agent contexts without strong preconditions or approval gates. That broad applicability increases the chance an agent will initiate substantive actions when only passive check-ins or limited-scope behavior were intended.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The listed activation conditions are expansive: 'any autonomous time' and similar language gives the agent broad discretion to decide when it should act. In practice, this can cause overreach, where the skill is triggered outside the user's intended scope and leads to unnecessary or risky modifications.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill directly instructs the agent to run 'git add -A', commit, and push, which can publish changes to remote repositories without any warning, review step, or authorization check. In an autonomous setting, this creates a meaningful risk of unintended code changes, secret leakage, disruption of shared branches, or propagation of low-quality or unsafe outputs.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.