Security audit

Game Dev Start

Security checks across malware telemetry and agentic risk

Overview

This is a game-project onboarding helper with broad triggers, but its file checks and context-file creation are disclosed and fit the stated purpose.

Install this if you want guided game-project onboarding. Use it deliberately in the project workspace you want inspected, and be aware that generic trigger phrases may start the onboarding flow when you meant a broader conversation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger phrase "What should I work on first?" is broad, generic onboarding language that can match many unrelated development conversations. This can cause the skill to activate outside intended game-project onboarding contexts, potentially hijacking routing, file creation, or workflow decisions when the user did not explicitly request this skill.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger phrase "I want to start making a game" is still fairly broad and may overlap with general ideation, learning, or entertainment conversations rather than explicit onboarding requests. In an agent environment with automatic trigger matching, this can invoke the skill prematurely and steer the session into project setup actions the user did not clearly authorize.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal