sql-reflect

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only helper for finding which PHP/Laravel code generated a SQL query, with no hidden install, network, credential, persistence, or write behavior evident.

Install this only in repositories where you are comfortable letting the agent read PHP/Laravel source files and show matching snippets. Treat the output as code-search assistance rather than proof, especially for dynamically generated SQL or repositories with sensitive business logic.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger phrases are broad and lack exclusion criteria, so the skill may activate in loosely related conversations and perform repository/code-search behavior when the user did not clearly intend to invoke this capability. In a code-analysis skill that searches application files, over-triggering can expose irrelevant internal code context, waste resources, and cause unintended handling of sensitive developer data.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal