Back to skill

Security audit

Skill Quality Audit

Security checks across malware telemetry and agentic risk

Overview

This is a text-only skill for reviewing SKILL.md quality and does not request credentials, command execution, persistence, or broad system access.

Safe to install for reviewing agent skill text. Be aware it may activate on broad requests like "review this skill," so check that you intended a SKILL.md quality audit before relying on its output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrase "review this skill" is broad enough to match requests for reviewing many kinds of skills, not just Nevo-style SKILL.md quality audits. In an agentic system, overly broad triggers can cause the wrong skill to activate, leading to misrouting, unnecessary context loading, and potentially exposing unrelated skill content or suppressing more appropriate tools.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.