Github Issue Creator

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only helper for turning bug notes into Markdown issue files, with scoped local file creation that matches its stated purpose.

Install this if you want the agent to create local Markdown issue files. Before committing or sharing generated files, review them for sensitive logs, screenshots, identifiers, and any details inferred from prior conversation or memory.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly instructs the agent to create markdown files inside the repository (`/issues/`) without any user-facing warning, confirmation step, or clear boundary on when file writes are allowed. This can cause unintended local repository modification, especially if the user expects text generation only; in a repo context, even seemingly harmless issue files can pollute working trees, trigger automation, or lead to accidental commits.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal