Back to skill

Security audit

qa-expert

Security checks across malware telemetry and agentic risk

Overview

This QA guidance skill is benign: it contains only written testing instructions and no code, installer, credential handling, persistence, or hidden high-impact behavior.

Install this for QA planning, test coverage review, defect analysis, and quality process support. Keep usage tied to explicit QA/testing requests, and review any proposed test changes or quality claims before applying them to a real project.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill says only 'When invoked' and then begins broad QA actions without defining clear trigger phrases, scope boundaries, or constraints on when the agent should activate. This ambiguity can cause unintended invocation or overbroad behavior, especially in multi-agent systems where a generic QA-oriented request could activate the skill and lead it to take actions or generate outputs outside the user's intended scope.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.