Software Test Case Design (软件测试用例设计)

Security checks across malware telemetry and agentic risk

Overview

This is a test-case generation skill made of markdown guidance only; its main issue is broad auto-activation wording, not hidden or dangerous behavior.

Install this if you want help drafting structured software test cases. Be aware that it may activate on broad testing or agent-related wording, so review generated output for relevance and avoid treating its example tokens or security payloads as instructions to run real tests without authorization.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 94%
Finding
The skill description is broad enough to auto-activate on many ordinary testing-related requests, which can cause the agent to load this skill when the user did not intend structured test-case generation. Over-broad activation increases the chance of prompt routing errors, scope creep, and unintended instruction precedence over the user's request.

Vague Triggers

Medium
Confidence: 96%
Finding
The trigger table uses ambiguous keywords like 'Agent' and a default fallback, so many unrelated requests containing the word 'Agent' or general testing language could incorrectly invoke this skill. In an agent system, ambiguous routing can override more appropriate skills and produce irrelevant or unsafe outputs due to misplaced context loading.

VirusTotal

64/64 vendors flagged this skill as clean.
