Code Review — Multi-Dimensional Audit

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only code review skill whose multi-agent review behavior is disclosed and aligned with its purpose.

Install this only if you want the agent to perform deep code reviews. Use it on repositories you are authorized to share with the agent and subagents, and be aware that it may fetch many source files and consume extra model/tool resources.

SkillSpector

By NVIDIA
Vulnerability Patterns

  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Severity: Medium
Confidence: 89%

Finding
The skill advertises multiple broad natural-language trigger phrases such as 'review this release', 'audit this codebase', and 'check this PR for issues'. In environments where skills are auto-selected from user text, these generic phrases can cause unintended invocation, exposing repository contents or launching costly multi-agent review behavior without sufficiently explicit user intent.

VirusTotal

VirusTotal findings are pending for this skill version.