Security audit

Qa Bug Lifecycle

Security checks across malware telemetry and agentic risk

Overview

This is a small QA bug-lifecycle guidance skill with no executable code, no network behavior, and only read/search tool access.

Install this if you want structured guidance for bug lifecycle management and defect metrics. Be aware it may activate on broad QA terms such as severity or defect trends; if that is not intended, tell the agent you are only discussing QA concepts and do not want the bug-lifecycle workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 91%
Finding
The skill’s trigger conditions are broad and overlap with common QA/project-management phrases such as '缺陷管理', 'Bug管理', '严重度', and '缺陷趋势'. This can cause unintended invocation in conversations that only mention these concepts at a high level, potentially steering the agent into an unnecessary workflow and producing irrelevant or misleading process guidance.

VirusTotal

61/61 vendors flagged this skill as clean.