Pro Code Reviewer

Security checks across malware telemetry and agentic risk

Overview

This code-review skill is purpose-aligned and mainly reads local git diffs and nearby source context, with an optional local HTML report.

Install if you want an agent to inspect local repository diffs and nearby source code. Use explicit prompts such as `code review staged` or `review commit <sha>`, and only request HTML reports or `.gitignore` changes when you want local report files written.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Vague Triggers

Medium (91% confidence)
Finding
Using the bare trigger phrase "review" is overly broad for an agent skill because it can match many ordinary user requests that are not intended to invoke this skill. In assistant environments with automatic skill routing, this increases the chance of unintended activation on unrelated prompts, which can cause unexpected repository inspection, diff processing, or disclosure of code context to the skill flow.

Vague Triggers

Medium (88% confidence)
Finding
The command set documents generic phrases like "review" and "quick review" without clarifying what kinds of requests should not trigger the skill. This broad matching surface can cause accidental invocation from conversational language, making the skill run in contexts where the user did not intend code analysis or where sensitive repository data may be unnecessarily accessed.

Vague Triggers

Medium (91% confidence)
Finding
Using a broad trigger like 'review' and vague phrasing such as 'asks to review before committing' can cause unintended invocation in unrelated contexts. In an agent environment, accidental activation can expose repository diffs, commit content, and surrounding code context more often than the user intended, increasing data exposure and unnecessary tool execution.

Vague Triggers

Medium (93% confidence)
Finding
The phrase 'asks to review before committing' is underspecified and may match ordinary conversational text, leading the skill to inspect the current repository without sufficiently explicit user authorization. Because this skill reads git state and file contents, accidental invocation has real confidentiality implications in shared or sensitive codebases.

Natural-Language Policy Violations

Medium (93% confidence)
Finding
The skill content mandates Chinese-language output in its review instructions without any indication that this is conditioned on the user's preference or locale. That can override user intent, reduce usability, and cause downstream failures in systems or workflows expecting responses in another language, making it a genuine policy/quality vulnerability in agent behavior.

VirusTotal

66/66 vendors flagged this skill as clean.