Back to skill

Security audit

Security Review Workflow

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only security review skill that asks the agent to inspect branch or PR diffs for concrete vulnerabilities without installing code or requesting credentials.

Before installing, consider that the skill works by giving an agent access to branch diffs and security-relevant code context. Use it only in an environment where sharing that code with your chosen agent/model is acceptable, and avoid including secrets or unrelated private files in the review context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.