e2e-test-specialist

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only end-to-end testing skill whose examples fit testing work, though users should keep its database reset examples away from production data.

Safe to install as a testing guidance skill. Before using generated or copied code, confirm BASE_URL, API tokens, and DB_* variables point only to local, staging, or disposable test resources, and review any database cleanup steps before running them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 91% confidence
Finding: The example includes helper code that directly connects to a database and performs `TRUNCATE TABLE ... CASCADE` operations for seeding and cleanup. In an agent skill context, this expands from test-authoring guidance into destructive infrastructure manipulation; if copied into a real environment or run against misconfigured targets, it can erase data well beyond an isolated test sandbox.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The markdown presents destructive database reset logic without any cautionary note, safety guard, or statement that it must only be used against disposable test environments. In a reusable skill, omission of that warning materially increases the chance that users or downstream agents apply the pattern to shared or production-like databases, causing unintended data loss.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal