Back to skill

Security audit

Eno Skills

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only frontend architecture review skill with broad activation terms but no executable code, persistence, credential access, or hidden data movement.

Safe to install for frontend architecture reviews. Be aware it may activate on broad frontend terms like tech stack, component design, monorepo, or build config, and avoid pasting API keys, tokens, passwords, or private environment values when sharing project files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger keyword set is broad and includes generic architecture and engineering terms, which can cause the skill to activate in contexts where the user did not explicitly request this analyzer. In an agentic system, unintended activation can override more appropriate skills, expand prompt scope, and increase the chance of irrelevant or misleading guidance being injected into the conversation flow.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The intent-based activation rules are underspecified and rely on vague cues like asking whether a choice is 'reasonable' or 'better,' which are common across many unrelated tasks. This ambiguity can make the skill activate outside its intended scope, creating prompt-routing errors and potentially causing the agent to request unnecessary project data or provide architecture-specific outputs in the wrong context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.