Back to skill

Security audit

软件测试用例设计

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for generating software test cases, with no code execution, credential access, persistence, or hidden behavior evident in the artifacts.

Install this as a test-design assistant, not an execution or scanning tool. Provide only the requirements, designs, and code excerpts needed to create test cases, avoid pasting secrets or production personal data, and review the generated cases for business-rule accuracy before using them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger section uses very broad, common requests such as '帮我写一下…测试用例' and '检查一下这些测试用例是否有遗漏', which can cause the skill to activate in many ordinary conversations that merely mention testing. Over-broad activation can lead to unintended routing, context capture, or the model applying this skill when the user did not explicitly request it, reducing reliability and potentially exposing unrelated content to the skill’s processing path.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.