Api Tester Dd7739

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk informational API-learning guide, though one trigger phrase is broad enough that it may activate unintentionally.

Before installing, consider narrowing or removing the "New" trigger so the skill only activates for clear API-testing or API-integration requests. The artifact otherwise appears proportionate for an informational guide.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger phrases include generic terms like "api-tester" and especially "New", which can match ordinary user speech and cause the skill to activate outside its intended context. This increases the chance of unintended routing or prompt/context injection into unrelated conversations, even though the file does not itself contain direct code execution behavior.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The merged secondary skill section repeats broad activation conditions without clear scoping, which compounds the risk of accidental invocation. Because merged content expands the set of possible triggers, the skill may respond in contexts unrelated to API testing guidance, reducing predictability and increasing attack surface for skill misrouting.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal