ISSUE Triage

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill triages pasted GitHub issue text and does not request code execution, credentials, or network access.

Reasonable to install for drafting triage reports and maintainer replies. Review generated replies before posting them publicly, and avoid pasting private logs, secrets, or sensitive customer data into issue text unless you have already redacted it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger description includes broad natural-language phrases like 'analyze a bug report' and 'how should I respond to this issue', which can cause the skill to activate in situations beyond explicit issue triage. Over-broad activation can route unrelated untrusted content into this skill, increasing the chance of accidental processing of adversarial issue text or user confusion.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal