Security audit

GitHub

Security checks across malware telemetry and agentic risk

Overview

This GitHub skill is a disclosed OOMOL connector wrapper with powerful GitHub actions, but it clearly labels write and destructive operations and requires confirmation for them.

Install only if you trust OOMOL with access to the GitHub account or organizations you connect. Treat write and destructive operations carefully: review the exact repository, file, branch, issue, pull request, and payload before approving actions such as deleting repositories, modifying files, changing labels, rerunning workflows, or merging pull requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

High

Confidence: 91% confidence
Finding: The skill description says to use this skill for ANY GitHub request, which creates an overly broad routing rule for a connector that includes both read-only and high-impact write/destructive operations such as deleting repositories, modifying files, and merging pull requests. That can cause an agent to invoke this skill in situations where narrower tooling or stronger confirmation logic would be more appropriate, increasing the chance of unintended state-changing actions under the user's connected GitHub account.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.