QA & Testing Engine

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a QA/testing guide whose security payload examples are test data, not hidden commands or malware.

Install if you want an agent to help plan and review QA work. Be mindful that broad phrases like performance test planning or CI test setup may invoke it during general development conversations; review generated test payloads before using them against any live system.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill exposes very broad natural-language triggers such as 'Review these tests for quality', 'Generate performance test plan', and 'Set up CI test pipeline'. In an agent environment, overlapping generic commands can cause unintended invocation or routing collisions with other skills, leading the agent to perform testing/security workflow actions in the wrong context or on unintended user input.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal