Qa Ci Cd Testing

Security checks across malware telemetry and agentic risk

Overview

This is a CI/CD testing guidance skill with no scripts or hidden data access; its only notable issue is that it may activate too broadly.

Install only if you want a planning/reference skill for CI/CD testing practices. Expect it may activate on broad CI/CD or automated-testing mentions; consider narrowing the trigger wording if you want it to appear only when explicitly asked to design or optimize a testing pipeline.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The activation trigger uses broad phrases like “CI/CD”, “持续测试”, and “自动化测试”, which can cause the skill to activate during general discussion rather than when the user explicitly requests this capability. Over-broad activation increases the chance of unintended routing, context pollution, or the skill influencing workflows where it was not appropriate to invoke it.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal