Back to skill

Security audit

GitHub

Security checks across malware telemetry and agentic risk

Overview

This GitHub skill is a disclosed OOMOL connector wrapper with powerful GitHub actions, but it clearly labels write and destructive operations and requires confirmation for them.

Install only if you trust OOMOL with access to the GitHub account or organizations you connect. Treat write and destructive operations carefully: review the exact repository, file, branch, issue, pull request, and payload before approving actions such as deleting repositories, modifying files, changing labels, rerunning workflows, or merging pull requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

High
Confidence
91% confidence
Finding
The skill description says to use this skill for ANY GitHub request, which creates an overly broad routing rule for a connector that includes both read-only and high-impact write/destructive operations such as deleting repositories, modifying files, and merging pull requests. That can cause an agent to invoke this skill in situations where narrower tooling or stronger confirmation logic would be more appropriate, increasing the chance of unintended state-changing actions under the user's connected GitHub account.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.