Security audit

Github Readme Maker

Security checks across malware telemetry and agentic risk

Overview

This is a simple GitHub profile README generator that prints markdown and does not request credentials or make system changes.

Install only if you want a local bash helper that prints GitHub profile README markdown. Before publishing the generated README, review the external badge and stats image links and replace placeholder personal details such as email or social handles.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 87%
Finding
The manifest description uses broad trigger language such as 'Automated tool' and 'Use when you need ... capabilities,' which can cause the skill to match loosely related user requests. Overbroad activation increases the chance the agent invokes this skill in unintended contexts, potentially routing user data or workflows through an unnecessary external command path.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.