Qa Agent Testing

Security checks across malware telemetry and agentic risk

Overview

The available signals do not show malicious behavior; the main issues are usability and activation-scope concerns.

Before installing, confirm that the trigger language matches when you want this skill to run and that Chinese-language behavior is appropriate for your workflow. No malicious or high-risk behavior is supported by the provided evidence.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 89%
Finding
The activation conditions are broad and loosely phrased, such as triggering on generic mentions of AI testing or agent testing. This can cause the skill to activate in unintended contexts, increasing the chance that its instructions override more appropriate workflows or are applied to requests the user did not intend to route here.

Natural-Language Policy Violations

Medium
Confidence: 81%
Finding
The skill metadata and trigger phrasing are Chinese-specific and effectively steer usage toward a fixed locale without indicating user choice. In multilingual environments this can cause incorrect activation, reduced usability, or misunderstandings that affect testing quality and downstream safety decisions.

VirusTotal

63/63 vendors flagged this skill as clean.
