lin-tet-master

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only QA/testing skill with broad triggers and some powerful testing examples, but no hidden execution or credential behavior was found.

Install this only if you want a broad QA/testing assistant. Review any generated tests before running them, keep them pointed at local or staging systems with synthetic accounts and data, and be especially careful with database cleanup, load tests, security probes, and strict TDD advice that suggests deleting or rewriting code.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (8)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger list includes very broad, common terms such as 'test', 'testing', and 'QA' that are likely to appear in ordinary engineering conversations. This can cause unintended invocation of the skill, leading to misrouting of tasks, context pollution, and reduced reliability of agent behavior.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The description says to use the skill for a wide range of testing and automation activities without clearly distinguishing it from adjacent engineering skills. This ambiguity increases the chance the system invokes the wrong skill for general development or debugging requests, which can produce incorrect or overly broad agent behavior.

Shadow Command Trigger

Medium

Category: Trigger Abuse
Confidence: 95% confidence
Finding: Using 'test' as a trigger conflicts with a built-in command of the same name, creating a shadowing condition. This can hijack or interfere with expected platform behavior, causing command confusion and unintended execution paths.

Overly Broad Trigger

Low

Category: Trigger Abuse
Confidence: 91% confidence
Finding: The trigger 'QA' is extremely short and likely to match benign text fragments or conversational references, causing accidental activation. While less severe than command shadowing, it still degrades routing accuracy and may invoke the skill in unrelated contexts.

Shadow Command Trigger

Medium

Category: Trigger Abuse
Confidence: 86% confidence
Finding: The trigger 'test strategy' begins with the reserved/built-in command term 'test', which may be interpreted as or collide with the built-in command namespace. This can create ambiguous parsing and cause the wrong handler to be selected.

Shadow Command Trigger

Medium

Category: Trigger Abuse
Confidence: 86% confidence
Finding: The trigger 'test automation' may conflict with the built-in 'test' command due to shared command-leading syntax. In systems that tokenize on the first word, this can lead to command shadowing or ambiguous dispatch.

Shadow Command Trigger

Medium

Category: Trigger Abuse
Confidence: 86% confidence
Finding: The trigger 'test framework' starts with a built-in command keyword and may therefore be parsed ambiguously. This creates a risk of the skill intercepting requests intended for platform-native test functionality or vice versa.

Shadow Command Trigger

Medium

Category: Trigger Abuse
Confidence: 85% confidence
Finding: The trigger 'test maintenance' also inherits the same leading-token conflict with the built-in 'test' command. Repeated shadow-style triggers increase the overall likelihood of accidental or incorrect routing across many common prompts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal