Before a verified skill reaches the NVIDIA Skills catalog, NVIDIA runs it through SkillSpector as part of the publication validation pipeline. This approach treats the skill as a deployable agent capability rather than as a static prompt. SkillSpector checks conventional software risks such as vulnerable dependencies, suspicious scripts, dangerous code patterns, credential access, and data exfiltration paths. SkillSpector also checks agent-specific risks, such as hidden instructions, prompt injection, trigger abuse, excessive agency, tool poisoning, and mismatches between a skill’s declared p
NVIDIA-Verified Agent Skills Provide Capability Governance for AI Agents | NVIDIA Technical Blog… The primary threat to these tools is that of indirect prompt injection, where a portion of the content ingested by the LLM driving the model is provided by an adversary through vectors such as malicious repositories or pull requests, git histories with prompt injections, .cursorrules , CLAUDE/AGENT… …
… In an LLM, we might try some kind of prompt injection to override the system instruction, but in this scenario, we can only control the image while the text is fixed. …
… Every prompt injection is a potential credential leak. …
… SkillSpector also checks agent-specific risks, such as hidden instructions, prompt injection, trigger abuse, excessive agency, tool poisoning, and mismatches between a skill’s declared purpose, requested access, and bundled behavior. …