FOSMVVM UI Tests Generator

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only SwiftUI UI-test generator with some broad but disclosed code templates, and no hidden execution, credential access, persistence, or exfiltration behavior.

Install only if you want FOSMVVM SwiftUI UI-test scaffolding. Review generated diffs before committing, especially any files under Sources and any ViewModelOperations templates with API or business-logic placeholders, and make sure the target view, operations type, and bundle identifier are explicit before generation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Description-Behavior Mismatch

Medium

Confidence: 92% confidence
Finding: The skill is described as a UI test generator, but the templates also instruct the agent to generate production SwiftUI views and ViewModelOperations code, including placeholders for real API/business-logic implementations. This expands the skill's authority from test scaffolding into application code generation, which can cause unsafe or unreviewed logic to be introduced into production code under the guise of test support.

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The skill is designed to activate based on broad 'conversation context' instead of tightly scoped triggers, which can cause it to engage during only loosely related discussions. In an agent setting, ambiguous activation criteria can lead to unintended code generation or modification outside the user's precise request, increasing the risk of unsafe or irrelevant changes.

Vague Triggers

Low

Confidence: 87% confidence
Finding: The skill states that it infers test type, view model details, operations, and infrastructure needs from generic prior context, but does not define reliable limits for that inference. In practice, this can cause overreach: the agent may synthesize tests or supporting files from incomplete context, making unintended repository changes and potentially propagating incorrect assumptions into generated code.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal