Back to skill

Security audit

Testing Skill for Agency Agents

Security checks across malware telemetry and agentic risk

Overview

This testing skill is mostly purpose-aligned, but it gives agents broad testing and data-handling authority without enough safeguards.

Install only after reviewing and constraining how it will be used. Run it against authorized local or staging systems by default, inspect any local scripts before execution, pin external CLI tools, avoid real user or production data unless formally approved, and keep generated screenshots and reports out of public or committed locations unless secrets are redacted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly instructs the agent to monitor API health in production with automated alerting and response, but it does not include guardrails requiring user confirmation, read-only defaults, or restrictions on actions against live systems. In an agent context, this can normalize or enable active operations against production APIs, increasing the risk of unintended service disruption, noisy traffic, or unsafe automated remediation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to run local shell commands, invoke a script, recurse through files, and read generated artifacts without any safety gating, user confirmation, or scope restriction. In an agent setting, this can trigger unintended local side effects, disclose repository contents, and normalize unsafe command execution from untrusted skill content.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to default to finding 3-5 issues and treat zero findings as suspicious regardless of evidence. This creates a systematic integrity failure where the agent is biased toward fabricating or exaggerating defects, which can corrupt QA outputs and mislead downstream decisions.

Natural-Language Policy Violations

Medium
Confidence
96% confidence
Finding
The report template hardcodes a minimum of 3-5 issues and defaults status/readiness to FAILED unless there is 'overwhelming evidence otherwise,' encouraging predetermined conclusions instead of objective assessment. In practice, this can poison evaluation workflows, generate false defect reports, and undermine trust in the agent's output.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly instructs load, stress, endurance, and scalability testing across all systems but does not include guardrails about authorization, production safety, rate limits, maintenance windows, or environment isolation. In an agent context, this can lead to disruptive testing against live systems, causing service degradation or self-inflicted denial of service even if the stated goal is legitimate performance analysis.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The embedded k6 example performs authenticated requests using hardcoded sample credentials, processes bearer tokens, and writes JSON/HTML reports to disk without warnings about secret handling, test account usage, sensitive response data, or local file creation. In an agent skill, this increases the risk of unsafe reuse against real endpoints, credential misuse, leakage of tokens or application data into generated reports, and unintended filesystem side effects.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs evaluators to test tools with 'actual user data' but provides no safeguards such as data minimization, consent, de-identification, legal basis, or use of a controlled non-production environment. In a tool-evaluation workflow, this can lead to unnecessary exposure of personal, confidential, or regulated business data to third-party products under assessment, increasing privacy, compliance, and data leakage risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.