Security audit

Qa Bug Lifecycle

Security checks across malware telemetry and agentic risk

Overview

This is a read-only QA guidance skill for managing bug lifecycles, with a minor risk that its broad trigger phrases could cause it to activate unintentionally.

Install this if you want Chinese-language support for structured bug lifecycle management. Be aware it may activate on broad QA phrases like severity or defect trends, so use explicit wording when you only want a general QA discussion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 94%
Finding
The auto-trigger conditions are broad and loosely defined, causing this skill to activate for generic mentions of bug management, severity, trends, or process discussions. That can lead to inappropriate routing, context hijacking, or accidental disclosure of unrelated project or defect information into the skill workflow, especially in multi-skill environments.

VirusTotal

63/63 vendors flagged this skill as clean.
