Back to skill

Security audit

Gstack Pro

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, instruction-only software engineering workflow skill, but users should treat its QA and shipping roles as high-impact operations.

Install only if you want an AI-assisted engineering workflow. Run /qa against staging or test accounts where possible, and manually approve any browser actions that submit forms or change data. For /ship, confirm the repository, branch ownership, clean working tree, test results, and PR target before allowing rebase, version bump, force-with-lease push, or direct push to main.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill advertises very broad activation conditions such as 'starting a new feature,' 'preparing to ship,' 'doing code review,' and 'running QA,' which are common across ordinary software tasks. In an agentic environment, such vague triggers can cause over-activation of this skill in unrelated contexts, leading to unintended role orchestration, unnecessary tool use, or execution of higher-risk workflows like shipping and browser automation without sufficiently specific user intent.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The skill content is entirely in Chinese with no language selection or documented locale constraint, which can cause operators or downstream agents to misunderstand instructions, outputs, and review criteria. In a multi-agent engineering workflow, this increases the chance of missed warnings, incorrect execution, or ineffective oversight because participants may be unable to accurately interpret the retrospective process.

Natural-Language Policy Violations

Medium
Confidence
94% confidence
Finding
The skill hardcodes a Chinese-language persona and output context (for example, the title and role description) without any user opt-in or locale negotiation. In a multi-user or enterprise setting this can confuse reviewers, reduce usability, and cause downstream workflow errors if users or tools expect English or the caller's preferred language.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs users to run history- and state-altering git commands such as `git stash` and `git rebase main` without clearly warning about risks like hidden local changes, rebase conflicts, or rewritten commit history. In an agent skill intended for one-command release flow, omission of explicit cautions increases the chance that an automated or hurried user will perform destructive operations without understanding recovery steps.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill recommends `git push ... --force-with-lease` as part of the normal release path but does not prominently warn that it rewrites remote branch history and can disrupt collaborators' work. Although `--force-with-lease` is safer than `--force`, it still carries meaningful risk if users misunderstand branch state or if automation applies it routinely.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.