Security audit

Research Loop

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed research workflow skill that can write local research artifacts and publish them to a chosen GitHub repository, but that behavior matches its stated purpose.

Install this only when you are comfortable letting an agent create files for a research workflow and potentially publish sanitized artifacts to the target GitHub repository. Use the --no-push or local-only path for dry runs, review the .autonomous-research-workflow and source_changes outputs before publishing, and avoid running it against private or sensitive repositories unless the GitHub CLI credentials are scoped appropriately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Severity: Low
Confidence: 93%

Finding
The document explicitly states that each run writes durable local state and publishes artifacts into the target repository, but it does not present any user-facing warning, consent requirement, or guardrail around those filesystem modifications. In an agent skill, undocumented writes to a local working tree or repo can surprise users, alter tracked files, and create unintended commits or leakage of run artifacts into project history.

VirusTotal

58/58 vendors flagged this skill as clean.