Security audit

回归测试用例生成器

Security checks across malware telemetry and agentic risk

Overview

This is a self-contained regression-test suggestion skill with broad trigger phrases but no evidence of hidden data access, network activity, persistence, or destructive behavior.

Use this skill for test-planning assistance and review its recommendations before relying on them for regulated, safety-critical, or release-blocking decisions. Be aware that casual mentions of regression testing may trigger it because several activation keywords are broad.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger phrases include very generic terms such as “回归测试”, “regression test”, and especially “测试建议”, which can easily appear in ordinary conversation. In an agent environment, overly broad activation can cause the skill to trigger unintentionally, injecting its behavior into unrelated contexts and reducing user control over which skill is invoked.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list contains very broad phrases such as “回归测试”, “regression test”, and “测试建议”, which can match ordinary user conversation and cause the skill to activate unexpectedly. Over-broad activation can route unrelated testing discussions into this skill, leading to inappropriate tool/script invocation, irrelevant recommendations, or bypass of a more suitable skill.

Natural-Language Policy Violations

Medium

Confidence: 76% confidence
Finding: The skill metadata and content are written only in Chinese and do not document language behavior or user choice, which can cause unintended language locking for users interacting in other languages. This is primarily a quality and usability risk, but in multi-skill routing it can also cause misunderstanding of generated test advice or misapplication in mixed-language environments.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The activation keyword "回归测试" is broad enough to match ordinary user conversation about regression testing, which can cause the skill to trigger unintentionally outside a clear invocation context. Overbroad activation increases the chance of accidental execution, context hijacking, or the skill being selected when the user did not intend to run it.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The keyword "测试建议" is highly ambiguous and could match many unrelated testing or quality-assurance discussions, making unintended activation likely. In agent systems, ambiguous triggers can misroute user requests, expose workspace context to the wrong skill, or let a lower-precision skill interfere with other workflows.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.