Test Master

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only testing guidance skill with some broad activation triggers and test-environment examples, but no hidden execution, persistence, or data exfiltration behavior.

Safe to install for testing help, with normal caution: prefer explicit invocation, keep generated tests and examples pointed at local/test/staging systems, and do not allow load tests, security payloads, database cleanup, or code deletion to run against production or important data without review.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (7)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list contains broad, common terms such as 'test', 'testing', and 'QA' that are likely to appear in many normal conversations. This can cause unintended invocation of the skill, increasing the chance that the agent routes requests to this skill when the user did not explicitly intend it.

Shadow Command Trigger

Medium

Category: Trigger Abuse
Confidence: 95% confidence
Finding: Using 'test' as a trigger conflicts with a built-in command of the same name, creating a shadowing condition where normal command behavior may be intercepted or altered. This can lead to unreliable routing, accidental skill activation, or abuse of command precedence if the platform resolves ambiguous triggers unsafely.

Overly Broad Trigger

Low

Category: Trigger Abuse
Confidence: 93% confidence
Finding: The trigger 'QA' is extremely short and broadly applicable, so it may match unrelated inputs or abbreviations in ordinary user requests. While less severe than explicit command shadowing, it still increases accidental invocation and weakens predictable skill selection.

Shadow Command Trigger

Medium

Category: Trigger Abuse
Confidence: 88% confidence
Finding: The trigger 'test strategy' begins with the reserved/built-in command term 'test', which may create ambiguous parsing or partial-match conflicts with the built-in command. In systems with loose matching, this can cause the skill to activate when the user intended the native command flow.

Shadow Command Trigger

Medium

Category: Trigger Abuse
Confidence: 88% confidence
Finding: The trigger 'test automation' includes the built-in command term 'test' and may be parsed ambiguously in environments where reserved command names have special handling. This raises the risk of command shadowing, accidental invocation, or inconsistent routing behavior.

Shadow Command Trigger

Medium

Category: Trigger Abuse
Confidence: 88% confidence
Finding: The trigger 'test framework' overlaps with the built-in command keyword 'test', which can introduce command-resolution ambiguity. Even in a benign skill, this undermines safety and predictability by making it easier for the skill to intercept requests unintentionally.

Shadow Command Trigger

Medium

Category: Trigger Abuse
Confidence: 87% confidence
Finding: The trigger 'test maintenance' again reuses the built-in command term 'test', creating the same class of prefix/shadowing ambiguity. Repeated use of reserved-command-prefixed triggers broadens the number of situations where unintended invocation can occur.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal