Swmm Gis

Security checks across malware telemetry and agentic risk

Overview

This skill is a local GIS preprocessing toolkit that reads user-supplied watershed files and writes expected SWMM/QGIS outputs, with one overwrite behavior users should handle carefully.

Install only if you are comfortable running local GIS processing scripts against your own files. Use a fresh, dedicated run/final_layers directory, keep backups of original GIS data, and review the separate Agentic SWMM/QGIS/GRASS install steps because those dependencies are outside this skill package.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The script unconditionally deletes any existing files matching the stems `subcatchments`, `flow`, and `outfall` in the user-supplied `final_dir`, as well as selected raster/image/manifest outputs, before recreating them. In a GIS workflow this can cause unintended data loss if `final_dir` points to a shared, reused, or incorrectly specified directory, especially because there is no confirmation, isolation check, or safeguard against clobbering prior outputs.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal