Git Commit Helper

Security checks across malware telemetry and agentic risk

Overview

This is a simple Git commit and PR text helper with broad invocation examples, but it shows no evidence of hidden execution, data exfiltration, persistence, or destructive behavior.

Install this if you want help drafting commit messages or PR descriptions. Invoke it deliberately and provide only the diff, files, branch, or issue references you want it to consider, especially in private repositories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 95%
Finding
The skill defines very broad trigger phrases such as requests to analyze code changes or generate commit messages, which substantially overlap with normal developer interactions. In an agent environment, this can cause the skill to activate unexpectedly on unrelated repository or diff content, increasing the chance of untrusted content influencing the agent's behavior or causing unintended data processing.

VirusTotal

65/65 vendors flagged this skill as clean.
