testcase-creator

Security checks across malware telemetry and agentic risk

Overview

This skill coherently generates test-case documents from user-provided requirements, with only normal cautions around fetching document URLs and saving persistent output files.

Install only if you are comfortable letting the agent process the requirements documents you provide. Be careful with private Feishu or similar document URLs, choose an appropriate output folder, and clean up old timestamped versions when the source requirements contain confidential product or business information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The skill instructs the agent to fetch requirement documents directly from arbitrary URLs or invoke other skills to download them, which expands the trust boundary from local document processing to network retrieval. This can expose the agent to SSRF-like access patterns, unintended access to internal resources, or ingestion of untrusted remote content without explicit user confirmation and capability scoping.

VirusTotal

64/64 vendors flagged this skill as clean.
