Security audit
Security Review Workflow
Security checks across malware telemetry and agentic risk
Overview
This is an instruction-only security review skill that asks the agent to inspect branch or PR diffs for concrete vulnerabilities without installing code or requesting credentials.
Before installing, consider that the skill works by giving an agent access to branch diffs and security-relevant code context. Use it only in an environment where sharing that code with your chosen agent/model is acceptable, and avoid including secrets or unrelated private files in the review context.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
