Agent Regression Testing

Security checks across malware telemetry and agentic risk

Overview

This regression-testing skill is mostly a documentation workflow that writes reports to a disclosed Feishu location, with no hidden installer or executable behavior.

Before installing, confirm the listed Feishu knowledge base/node is an approved destination for your team. Treat defect details, test environments, execution results, and release recommendations as potentially sensitive, and ask the agent to redact or keep the report local when needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly stores regression testing reports in Feishu but does not disclose to the user that project, defect, environment, and test execution data will be sent to an external document platform. In this context, regression reports commonly contain sensitive internal information, so silent export increases confidentiality and compliance risk even if the destination is an approved enterprise tool.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal