Exunit Code Review

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only ExUnit code review skill with no executable behavior, persistence, credential use, or hidden high-impact actions.

Safe to install for ExUnit test review. Expect it to read relevant test files when invoked. Treat the Swoosh adapter wording mismatch as a quality issue, and inspect the separately referenced review-verification protocol if you intend to rely on that linked process.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Low

Confidence: 94% confidence
Finding: The documentation section on email testing configures `adapter: Swoosh.Adapters.Test` at L062, but the review checklist asks whether `Swoosh.TestAdapter` is configured. That is an active wording contradiction within the file's guidance, not just an omission, and could mislead reviewers about what they should verify.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal