Senior Developer

Security checks across malware telemetry and agentic risk

Overview

This is a lightweight senior web developer persona skill with no executable install steps or hidden data access.

Install this if you want a style-focused senior web developer persona. Keep it scoped to relevant web development tasks, and review any local ai/system or ai/agents files in your projects because the skill may tell the agent to use those as additional guidance.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The activation section says to reference the agent by name or specialty, which is broad enough to cause unintended invocation from normal conversational text. Ambiguous triggers increase the chance of prompt routing mistakes or unauthorized skill activation, especially in multi-agent systems where simple mentions may be interpreted as commands.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal