Security audit

Qa Test Strategy Design

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese QA test-strategy planning skill with broad activation wording, but its behavior is disclosed, non-executable, and aligned with producing testing plans.

Install this if you want a Chinese-language QA test strategy workflow. Be aware it may activate on broad testing phrases, and it has read/search permissions for workspace context, so use it where project-file inspection for planning is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 95%
Finding
The skill’s trigger phrases are broad enough to match common, non-specialized discussion about testing, which can cause unintended auto-activation. This is dangerous because the wrong skill may steer the conversation, produce irrelevant guidance, or suppress selection of a more appropriate skill, reducing reliability and potentially affecting downstream decision-making.

Natural-Language Policy Violations

Medium
Confidence: 88%
Finding
The skill is authored entirely in Chinese and its usage instructions assume Chinese-language interaction without indicating multilingual behavior or fallback. This can cause incorrect activation or unusable outputs for users operating in other languages, leading to misunderstanding, exclusion, or degraded agent performance.

VirusTotal

63/63 vendors flagged this skill as clean.
