Security audit
QA Test Lead: Test Strategy Governance
Security checks across malware telemetry and agentic risk
Overview
This is a QA planning skill with disclosed testing and coordination instructions, and no evidence of hidden installation, credential access, exfiltration, or destructive behavior.
This skill appears safe to install for QA strategy work. Users should understand that it can ask the agent to read local project guidance files and, when relevant, coordinate or run isolated runtime validation, but the artifact does not request credentials, persistence, or broad system access.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
- Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
- Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
- Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
