The skill is vulnerable to command injection attacks because it processes untrusted vCenter alarm descriptions as executable instructions, potentially allowing attackers to manipulate the agent's execution flow.
npx skills add https://github.com/zw008/VMware-MonitorThe skill returns 'suggested_actions' containing command strings for other skills. If an attacker can influence vCenter alarm/event descriptions, they can inject malicious commands into the agent's execution flow. [ensemble: confirmed by 3/3 passes; severity set to the agreed median (ADR-0067).]
"suggested_actions": ["vmware-aiops: acknowledge_vcenter_alarm(...)"]
NER model detected organization in skill content (confidence: 0.65)
S*****
NER model detected organization in skill content (confidence: 0.85)
M**
SKILL.md links to "references/investigation-protocol.md" but the file is not part of the skill package — the workflow silently degrades or the content is sourced elsewhere at runtime
[`references/investigation-protocol.md`](references/investigation-protocol.md)
Skill does not specify a license field. Specifying a license helps users understand usage terms.
Skill 'compatibility' field exceeds the Agent Skills spec limit of 500 characters.
[](https://mondoo.com/ai-agent-security/skills/github/zw008/VMware-Monitor/vmware-monitor)<a href="https://mondoo.com/ai-agent-security/skills/github/zw008/VMware-Monitor/vmware-monitor"><img src="https://mondoo.com/ai-agent-security/api/badge/github/zw008/VMware-Monitor/vmware-monitor.svg" alt="Mondoo Skill Check" /></a>https://mondoo.com/ai-agent-security/api/badge/github/zw008/VMware-Monitor/vmware-monitor.svgSkills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.