Qa Execution Observation

Security checks across malware telemetry and agentic risk

Overview

This is a QA testing guidance skill with no executable payload or hidden behavior, though users should invoke it only when they want log, data, and execution-observation help.

Install this if you want Chinese-language QA help for observing test execution signals. Because it may lead an agent to inspect logs or data, use it in test environments or with explicit scope, and avoid letting it run broad log or database checks unless that is what you intended.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The activation condition is broad and loosely defined, including generic phrases like '测试执行' and '需要提升执行质量时', which can cause the skill to trigger in situations beyond its intended scope. In an agent setting, unintended invocation can lead to inappropriate guidance, unnecessary tool use, or exposure to logs, environment details, and operational context that were not needed for the user’s request.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal