Back to skill

Security audit

fullstack-softwareddeveloper

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Golang and Angular web development skill with no scripts, install actions, credential access, persistence, or hidden behavior.

Install is reasonable if you want guidance for Golang and Angular web app architecture and security patterns. Treat any generated authentication, authorization, or JWT code as draft implementation advice and review or test it before using it in production.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger condition is broad enough to activate on many generic web-development requests, which can cause the skill to be selected outside a narrowly defined scope. In a coding/security skill, this increases the chance of overreach, irrelevant authority, or unintended handling of requests that should be routed to more specialized or constrained skills.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.