Back to skill

Security audit

Ab Test Setup

Security checks across malware telemetry and agentic risk

Overview

This is a text-only A/B testing helper with minor routing-scope and local context-reading notes, but no executable or privileged behavior.

Install this if you want help planning and evaluating A/B tests. Be aware that it may read local product marketing context files to reduce follow-up questions, so review those files first if they contain sensitive business information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger description is broad enough to activate on common phrasing like comparing two approaches or asking which version is better, which can cause the agent to invoke this skill outside explicit experimentation contexts. This is dangerous because it can misroute user intent, override more appropriate skills, and lead to irrelevant file reads or questioning patterns that degrade reliability and could expose contextual data unnecessarily.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The eval explicitly expects the skill to trigger on vague casual phrasing ('we want to test like 4 different CTA button colors...'), which encourages overly broad activation boundaries. In an agent system, ambiguous triggers can cause the wrong skill to intercept requests, leading to misrouting, reduced reliability, and potentially unsafe cross-skill behavior if this skill handles tasks better suited to other specialized skills.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.