Back to skill

Security audit

Browser QA

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only browser QA checklist whose interaction testing is appropriate for its purpose, but users should run it with test accounts or staging sites.

Install is reasonable for structured browser QA guidance. Before following it, run interaction tests in staging or with explicit approval, use test accounts and synthetic payment/form data, and avoid using a personal authenticated Chrome profile against production unless that is exactly what you intend.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This markdown skill instructs the agent to submit forms and test login/logout or checkout flows, which can affect user data, trigger emails, create records, or alter account state. The file does not include any warning to use test environments, test accounts, or non-production data when performing these actions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.