Security audit

Qa State Transition

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only QA skill for designing state-transition tests and does not request risky execution or data access.

Safe to install for QA state-transition analysis. Be aware it may activate on broad state-machine wording, so use explicit prompts or disable it when you only want a general conceptual discussion.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The activation criteria are broad enough that this skill could be invoked for general mentions of '状态测试', '状态转换', or '状态机' even when the user is not asking for this specific state-transition-analysis workflow. That can cause unintended routing, producing irrelevant or overly specialized outputs and potentially displacing a more appropriate skill, though it does not introduce direct code-execution or privilege-escalation risk.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal