测试用例评审器

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow test-case review assistant with no executable code, persistence, network behavior, or credential access.

Install this if you want help reviewing existing test cases or QA checklists. Provide only the relevant test material and product context; if you reference local paths, expect the agent to search/read those files with grep/find. It should not be used to run tests, modify code, or generate a full new test suite from scratch.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The boundary-case example "看看这个用例" is too underspecified and can cause the skill to activate on vague user inputs without confirming that existing test cases were actually provided. In an agent-routing context, overly broad triggers increase the chance of incorrect workflow selection, which can lead to hallucinated reviews, mishandling of user intent, or bypass of the intended requirement to review only existing test artifacts.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal