Back to skill

Security audit

Testing Patterns

Security checks across malware telemetry and agentic risk

Overview

This is a testing guidance skill with disclosed, purpose-aligned instructions and no evidence of hidden execution, credential access, exfiltration, or unauthorized persistence.

Safe to install as testing guidance. Prefer per-project installation unless you intentionally want it active globally, and verify the GitHub source before running the npx install command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Memory PoisoningPersistent Context Injection, Context Window Stuffing, Memory Manipulation
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The description activates the skill for phrases like "write tests," "add test coverage," and especially "test this function," which are common developer requests and are not bounded by explicit exclusions or context constraints. Because the manifest does not provide negative examples or narrower activation scope, the trigger criteria may cause unintended invocation in routine conversations.

Memory Manipulation

High
Category
Memory Poisoning
Content
|--------------|---------|-----|
| **Testing implementation** | Tests break on refactor, not on bugs | Test behavior and outputs, not internals |
| **Flaky tests** | Non-deterministic failures erode CI trust | Remove time/order/network dependencies |
| **Test pollution** | Shared mutable state leaks between tests | Reset state in `beforeEach` / `setUp` |
| **Sleeping in tests** | `sleep(2000)` is slow and unreliable | Use explicit waits, polling, or events |
| **Giant arrange** | 50 lines of setup obscure intent | Extract factories/builders/fixtures |
| **Assert-free tests** | Test runs but verifies nothing | Every test must assert or expect |
Confidence
80% confidence
Finding
Reset state

Session Persistence

Medium
Category
Rogue Agent
Content
# Testing Patterns

Unit, integration, and E2E testing patterns with framework-specific guidance. Write tests that catch bugs, not tests that pass — confidence through coverage, speed through isolation.

## What's Inside
Confidence
60% confidence
Finding
Write tests that catch bugs, not tests that pass — confidence through coverage, speed through isolation. ## What's Inside - Testing pyramid with ratio, speed, and confidence breakdown - Unit testing

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.