update-skill
Security checks across malware telemetry and agentic risk
Overview
This is a transparent workflow skill for updating one repository skill, with explicit user approval before edits and publishing actions.
Install this only if you want an agent to help update skills in a repository, including making approved edits and approved git commits or pushes. Review both approval gates carefully, especially any proposed use of pond data or direct pushes to the default branch.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
