Back to skill

Security audit

Unit Test Coverage Helper

Security checks across malware telemetry and agentic risk

Overview

This is a simple unit-test guidance skill with broad activation wording, but it does not request sensitive access, install code, persist data, or perform hidden actions.

Install only if you want a general testing and coverage helper. Be aware it may be invoked on broad software-quality requests, so use the explicit skill name when you want it and disable or narrow implicit activation if your agent supports that.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrases are broad enough to match common, everyday requests about testing and software help, which can cause the skill to activate outside its intended scope. In an agent ecosystem, this increases the chance of unintended routing, prompt shadowing, or the skill influencing unrelated tasks without the user explicitly requesting it.

Vague Triggers

High
Confidence
95% confidence
Finding
The skill description uses very broad activation language such as 'Help users with software-and-data, unit tests, test coverage, testing, regression,' which can match many ordinary requests not specifically intended for this skill. Over-broad routing can cause inappropriate invocation, context leakage across tasks, and unreliable agent behavior by activating the skill outside its narrow purpose.

Vague Triggers

High
Confidence
98% confidence
Finding
The listed keywords are highly ambiguous and generic, especially 'software-and-data,' 'testing,' and 'quality,' making accidental activation likely across a wide range of unrelated conversations. In agent systems, ambiguous trigger vocabularies can degrade routing integrity and cause the skill to intercept tasks it should not handle.

Vague Triggers

Medium
Confidence
93% confidence
Finding
Using 'Help me' in an example trigger normalizes an everyday phrase as an activation cue, which increases the chance that generic user requests will be interpreted as a signal to invoke the skill. This weakens trigger specificity and can contribute to overreach by the skill-selection layer.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description is broadly scoped around common software-engineering terms and a long 'validated demand' statement, without clear exclusion criteria or tighter routing boundaries. This can cause the skill to be invoked for loosely related requests, leading to incorrect task handling, context leakage across workflows, or bypass of more appropriate specialized skills.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger keywords include very generic terms such as 'testing', 'regression', and 'quality' without contextual constraints or disambiguation. In a skill-routing system, such broad keywords can over-match unrelated user requests, causing unintended invocation and increasing the chance of unsafe or low-relevance automated actions.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The default prompt is very broad and uses common software terms like unit tests, test coverage, testing, regression, workflow, artifact, checklist, analysis, and implementation support. Combined with implicit invocation, this increases the chance the skill is triggered in conversations where the user did not explicitly ask for it, which can cause prompt hijacking of unrelated requests or unintended routing into this skill.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger sentence begins with an overly broad everyday phrase ('Help me ...'), which can cause accidental activation when a user is making a general request rather than intentionally invoking this skill. In an agent routing context, broad triggers increase the chance of misclassification, unintended skill selection, and downstream processing of user content under the wrong workflow.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.