Qa Code Review For Test

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed test-focused code review guide that reads code diffs to produce testing impact advice, with no hidden install behavior or persistence.

Install this if you want Codex to review code changes from a QA/testing perspective. Be aware that it may activate on broad phrases such as "code review" or "CR", so ask explicitly for another review style when you do not want testing-focused feedback.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Severity: Medium
Confidence: 82%

Finding: The activation triggers are overly broad, using common phrases such as "代码评审" (Chinese for "code review") and "CR" without constraining the task to a testing perspective. This can cause the skill to activate in unrelated review contexts and steer the agent into using its instructions and tools when the user intended a different workflow, increasing the chance of unintended code access or scope hijacking.
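To make the finding concrete, the following added example (illustrative code written for this page, not SkillSpector's scanner logic and not part of the skill itself) runs a set of trigger phrases over constructed user prompts, each labelled with whether the user actually wanted testing-focused feedback. It counts how often each trigger fires on out-of-scope prompts and reports the triggers that would hijack an unrelated workflow. The prompts, the labels and the "scoped" alternative triggers are assumptions made for the demonstration; only "代码评审" and "CR" come from the finding above.

```python
"""Added example: measuring how often a skill's trigger phrases fire on prompts the user
did not intend for it. Not SkillSpector's code; the prompts and labels are constructed."""
import re

# The two broad triggers named in the finding, plus the generic English phrase the
# overview warns about.
BROAD_TRIGGERS = ["代码评审", "CR", "code review"]

# Assumed, more tightly scoped alternatives that tie activation to a testing perspective.
SCOPED_TRIGGERS = ["test impact review", "QA code review"]

# Constructed prompts: (text, user wanted a testing-focused review?)
SAMPLE_PROMPTS = [
    ("Please do a security code review of this auth middleware", False),
    ("CR for the new payment retry logic, focus on style", False),
    ("对这个 PR 做一次代码评审，重点看性能", False),  # "do a code review of this PR, focus on performance"
    ("QA code review: which tests should I add for this diff?", True),
    ("Run a test impact review on the attached change", True),
    ("What is the CRC32 of this file?", False),
]


def trigger_fires(trigger, prompt, word_boundary=True):
    """Return True if `trigger` activates on `prompt`.

    With word_boundary=True, ASCII triggers must stand alone as a token (so "CR" does
    not hit "CRC32"); non-ASCII triggers such as the Chinese phrase use a plain
    substring check because CJK text has no word separators. With word_boundary=False
    the match is a naive case-insensitive substring test, which is even broader.
    """
    if not word_boundary or not trigger.isascii():
        return trigger.lower() in prompt.lower()
    pattern = r"(?<![A-Za-z0-9])" + re.escape(trigger) + r"(?![A-Za-z0-9])"
    return re.search(pattern, prompt, re.IGNORECASE) is not None


def evaluate_triggers(triggers, prompts, word_boundary=True):
    """Per-trigger counts of activations on in-scope ('wanted') and out-of-scope
    ('unwanted') prompts."""
    report = {}
    for trig in triggers:
        wanted = unwanted = 0
        for text, wants_testing_review in prompts:
            if trigger_fires(trig, text, word_boundary):
                if wants_testing_review:
                    wanted += 1
                else:
                    unwanted += 1
        report[trig] = {"wanted": wanted, "unwanted": unwanted}
    return report


def overly_broad(triggers, prompts, max_unwanted=0, word_boundary=True):
    """Triggers that fire on more than `max_unwanted` prompts the user did not intend
    for this skill: the 'Vague Triggers' condition described in the finding."""
    report = evaluate_triggers(triggers, prompts, word_boundary)
    return [t for t, counts in report.items() if counts["unwanted"] > max_unwanted]


if __name__ == "__main__":
    for name, trigs in (("broad", BROAD_TRIGGERS), ("scoped", SCOPED_TRIGGERS)):
        print(name, evaluate_triggers(trigs, SAMPLE_PROMPTS))
        print(name, "overly broad:", overly_broad(trigs, SAMPLE_PROMPTS))
```

On the constructed prompts every broad trigger fires at least once where the user wanted a different kind of review, while the scoped triggers fire only on the two testing-related prompts. Running the same check with `word_boundary=False` shows why matching a two-letter trigger like "CR" as a bare substring is worse still: it also fires on "CRC32".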

VirusTotal

63/63 vendors reported this skill as clean (no detections).
