increment-code-unit-test-creat

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly described Java/Maven unit-test generator that reads and edits project test files in expected ways.

Install this if you want an agent to inspect a Java/Maven repository, generate or update JUnit/Mockito tests, optionally update pom.xml after confirmation, and run Maven test commands. Use it on a feature branch, review generated tests and dependency edits before committing, and avoid running Maven builds in repositories you do not trust.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The skill metadata and description advertise activation for broad requests like generating unit tests or improving coverage, which can cause the skill to trigger in situations where the user did not specifically ask for incremental Java/Maven JUnit+Mockito workflows. Over-broad activation increases the chance of unintended tool use, repository inspection, or file modification in contexts that only needed lightweight advice.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The explicit trigger list contains vague phrases such as 'generate tests', '提高测试覆盖率', and similar generic requests without scope constraints. In an agent setting, this can lead to accidental invocation on unrelated tasks, causing unnecessary codebase scanning, git diff analysis, Maven actions, or automated edits beyond the user's intended scope.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal