Issue Writer

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward GitHub issue drafting helper with optional user-requested issue submission and no hidden execution or persistence behavior.

Install this if you want help drafting or filing GitHub issues. Before using the submission feature, confirm the target repository and review the issue body for secrets, private credentials, or sensitive exploit detail.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Low

Confidence: 90% confidence
Finding: In this manifest file, the invocation guidance centers on "$issue-writer" but does not define when the skill should or should not activate beyond a general transformation task. The phrase is somewhat specific, yet the file provides no explicit trigger scope, exclusions, or negative examples, which can make invocation behavior ambiguous in systems that rely on manifest descriptions.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal