Security audit

Game Dev Release

Security checks across malware telemetry and agentic risk

Overview

This is a game release checklist skill with no executable code, hidden behavior, or credential handling found.

Installers should treat this as planning guidance, not an automation tool. Review any generated release, build, store-upload, or announcement steps before acting, especially where the skill suggests pushing builds live or posting public launch communications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Shadow Command Trigger

Medium
Category: Trigger Abuse
Confidence: 89%
Finding: The trigger 'release checklist' begins with the built-in command term 'release', which can create ambiguity in systems that use prefix or fuzzy trigger matching. In a release-management skill that may invoke build or deployment-adjacent actions, accidental routing to this skill could cause unintended operational guidance or workflow execution at sensitive moments.

Shadow Command Trigger

Medium
Category: Trigger Abuse
Confidence: 93%
Finding: The trigger 'deploy game' overlaps with the built-in command term 'deploy', creating a realistic risk of command shadowing if the host agent resolves triggers by prefix, similarity, or partial match. Because this skill discusses launch, builds, store uploads, and release steps, misinvocation could interfere with or redirect legitimate deployment operations.

VirusTotal

63/63 vendors flagged this skill as clean.
