Characterization Test Writing

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only developer skill for writing regression-safety tests around legacy code, and its requested code edits and test runs match that purpose.

Install this if you want the agent to help write characterization tests before changing legacy code. Review generated tests carefully because they intentionally preserve current behavior, including behavior that may later turn out to be a bug.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The manifest description contains many broad trigger phrases such as general requests about testing legacy code, regression safety nets, and writing tests before changes. In an agentic skill system, overly broad activation criteria can cause the skill to trigger in contexts where it is only partially relevant, increasing the chance of inappropriate tool use (Read/Edit/Bash) or workflow hijacking away from a more suitable skill. The content itself is not overtly malicious, but the breadth of matching expands the attack surface for unintended invocation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal