Tests Generator

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only helper for writing deterministic tests, with a malformed trigger metadata field but no evidence of hidden, destructive, or data-stealing behavior.

Safe to install for normal development use. Review generated tests before committing them, run them in a development or CI environment, and avoid pointing them at real credentials, production services, or live external systems unless you intentionally configure that.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger field is defined as `System.Object[]`, which is an implementation-type placeholder rather than a concrete, constrained trigger schema. Ambiguous trigger definitions can cause the skill to match unexpectedly broad events or be interpreted inconsistently by tooling, increasing the risk of unintended invocation or bypass of expected security controls.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal