github-pr-automation

Security checks across malware telemetry and agentic risk

Overview

This GitHub PR automation skill is purpose-aligned, but it asks for broad GitHub write authority and recurring automation without clear consent, limits, or disable guidance.

Review carefully before installing. Use a least-privilege GitHub credential, avoid broad repo scope when possible, and do not enable the daily cron job unless it is limited to read-only discovery or drafting. Require manual review before comments, pushes, API calls, or pull requests are published under your GitHub account.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs the agent to create a recurring daily cron job that can trigger autonomous contribution activity, but it does not require explicit user opt-in, confirmation of persistence, or clear disclosure of ongoing behavior. Persistent automation increases the risk of unintended repository actions, token misuse, spammy outbound activity, and repeated execution after the user no longer expects it.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal