Security audit

Game Dev Sprint Dev

Security checks across malware telemetry and agentic risk

Overview

This is a plain markdown planning skill for game-development sprints; its triggers are somewhat broad, but it does not include executable code, credential handling, background tasks, or data exfiltration.

Installers should know this skill may appear for generic development-planning requests because some triggers are broad. It is otherwise a low-risk planning aid; review or narrow the triggers if you only want it invoked for game-development sprint work.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger list includes broad phrases such as 'start development', 'break down tasks', and 'user stories' that can match many unrelated requests, causing the skill to activate outside its intended game-development sprint context. Overbroad activation can route users into the wrong workflow, override more appropriate skills, and increase the chance of unintended file creation or project-planning actions.

Shadow Command Trigger

Medium

Category: Trigger Abuse
Confidence: 84% confidence
Finding: The trigger phrase 'start development' is close to a generic built-in command namespace and may shadow or conflict with broader 'start' behaviors. This can cause ambiguous routing, unexpected invocation of this skill, and accidental execution of its workflow when a user intended a different command path.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal