Back to skill

Security audit

testcase-generator-skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a user-run test-case generator that reads provided documents and writes an Excel-style output, with no evidence of hidden network access, credential use, or persistence.

Before installing, treat generated cases as drafts and review coverage manually, especially for API specs, database schemas, DOCX files, and CSV output claims. Only provide documents you are comfortable processing locally, and install any Python dependency such as openpyxl from a trusted package source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The skill claims broad, intelligent generation from requirements, APIs, database schemas, and reference cases, but the analyzed behavior indicates it only performs narrow keyword-driven template generation and misrepresents output capabilities. This is dangerous because users may trust incomplete or fabricated coverage, leading to missed test scenarios, false assurance, and potentially untested production defects in security- or business-critical workflows.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.