Back to skill

Security audit

Ai Test Strategy Architect

Security checks across malware telemetry and agentic risk

Overview

This is a testing-assistant skill with sample API and browser test code, and it does not contain executable install code or hidden behavior.

Reasonable to install for QA and automation help. Treat all example URLs, tokens, login values, and payment details as placeholders; use sandbox or staging environments, provider-approved test cards, and secret managers or environment variables for real test credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill includes executable example code that performs live HTTP requests and browser automation against production-like domains such as api.example.com and shop.example.com, but it does not warn users that these examples may trigger real network activity if copied into a test environment with substituted hosts or credentials. In a testing-focused skill, users are especially likely to run sample code directly, which increases the chance of unintended interaction with external systems, test accounts, or even production services.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.