Back to skill

Security audit

Test Data Generator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent test-data generator, but users should treat generated SQL as write-capable test data and review custom templates before running it.

Install only if you intend to generate fake test data. Review generated SQL before running it, avoid untrusted custom templates, keep imports pointed at disposable test databases, and start with small row counts before bulk generation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The SQL export builds INSERT statements by directly interpolating the table name and column names without identifier validation or proper quoting. While string values are partially escaped, an attacker controlling template_name, custom template field names, or table_name could inject malformed identifiers or SQL fragments, making the generated output unsafe if later executed against a database.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly supports generating SQL INSERT statements and bulk datasets for import into databases, but it does not warn users that importing or running the output can modify test or connected database environments. This creates a realistic risk of accidental data pollution, unintended writes, performance degradation, or misuse against non-test systems, especially when users copy-paste generated SQL without reviewing the target environment.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.