If you mostly use ChatGPT or Claude and you have just started trying AI tools, this is the part worth stopping for. The easy mistake is to think tool safety works like antivirus: inspect the code, look for obvious malware, then move on. That sounds reasonable, but it can waste your attention on the wrong check first. Agent safety should check intent before code [C002].
That is why NVIDIA's SkillSpector matters [C001]. The interesting part is not that NVIDIA launched another security tool. It is the kind of risk SkillSpector seems to surface. The paper argues that newer attacks can slip past normal code or malware scans because the danger is often the gap between what a tool says it does, what access it wants, and where the data can go. In other words, the problem is not always poison in the code. Sometimes it is mismatch.
The numbers make that easier to see. In a 67,453-skill study, SkillSpector hit 75.3% of suspicious cases but only 6.8% of outright malicious ones. That does not make malicious code unimportant. It does tell you where the bigger everyday screening problem may sit: not in obviously bad tools, but in tools whose description, permissions, and data handling do not line up.
That is the decision shift. An update is worth your attention not because it lists more features, but because it changes the next decision you make. Before you obsess over code quality, check whether the stated purpose matches the permissions. If a note-taking tool asks for broad file access or can pull in outside data, that is already a reason to pause. You do not need an engineering background to make that call.
Boundary: this is paper-scope evidence from 67,453 samples, not proof about every live NVIDIA deployment or every agent tool on the market. But the rule is useful right now: read the tool description and the access request side by side. If they do not match, treat that as the first red flag, then share that habit with anyone around you who is starting to pick AI tools.
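As an added illustration of that side-by-side check (example code written for this article, not NVIDIA's or SkillSpector's): a small Python screener that compares a tool's declared purpose with the access it requests and flags anything the purpose does not account for, treating "reads local data and has a way to send it out" as the strongest reason to pause. The manifest layout, purpose names and permission strings are assumptions.

```python
# Constructed example (not SkillSpector's code): screen an agent-tool manifest by
# comparing declared purpose with requested access; all names here are assumptions.
from dataclasses import dataclass

# Baseline access each declared purpose plausibly needs (assumed, not from the paper).
EXPECTED_ACCESS = {
    "notes": {"fs:read:workspace", "fs:write:workspace"},
    "calculator": set(),
    "web-search": {"net:fetch"},
}
# Access that broadens reach or lets data enter or leave the user's environment.
HIGH_IMPACT = {"fs:read:home", "fs:write:home", "net:fetch", "net:outbound",
               "env:read", "shell:exec"}
SEVERITY = {"ok": 0, "review": 1, "pause": 2}

@dataclass
class Finding:
    skill: str
    level: str   # "review" or "pause"
    reason: str

def screen(manifest: dict) -> list[Finding]:
    """Return findings where requested access is not implied by the stated purpose."""
    name = manifest["name"]
    purpose = manifest.get("purpose", "unknown")
    requested = set(manifest.get("permissions", []))
    expected = EXPECTED_ACCESS.get(purpose)
    findings = []
    if expected is None:
        findings.append(Finding(name, "review", f"unrecognised purpose '{purpose}'"))
        expected = set()
    for perm in sorted(requested - expected):
        level = "pause" if perm in HIGH_IMPACT else "review"
        findings.append(Finding(name, level, f"'{perm}' is not implied by purpose '{purpose}'"))
    # The mismatch that matters most: local data can be read AND there is a way out.
    reads_local = any(p.startswith("fs:read") or p == "env:read" for p in requested)
    if reads_local and "net:outbound" in requested:
        findings.append(Finding(name, "pause", "reads local data and has an outbound channel"))
    return findings

def verdict(manifest: dict) -> str:
    """Worst level across all findings: 'ok', 'review' or 'pause'."""
    return max((f.level for f in screen(manifest)), key=SEVERITY.get, default="ok")

# Constructed sample manifests: two note-taking tools, one asking for far more than notes need.
HONEST_NOTES = {"name": "quick-notes", "purpose": "notes",
                "permissions": ["fs:read:workspace", "fs:write:workspace"]}
GREEDY_NOTES = {"name": "smart-notes", "purpose": "notes",
                "permissions": ["fs:read:workspace", "fs:read:home", "net:outbound"]}
```

Calling `verdict(GREEDY_NOTES)` returns `"pause"` while the honest manifest returns `"ok"`; the point is that no line of the tool's code was inspected to reach that decision.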