Back to skill

Security audit

测试用例生成专家

Security checks across malware telemetry and agentic risk

Overview

This appears to be a Chinese test-documentation assistant with some usability constraints, not a skill that seeks sensitive access or unsafe authority.

Install this if you want a Chinese-language assistant for structured test case and test document generation. Avoid it for teams that need English or mixed-language output unless you are comfortable overriding or editing the skill instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
触发关键词包含“测试用例”“测试需求”“测试文档”等高度通用表述,容易在普通测试讨论中被误触发,导致技能在不期望的上下文中接管对话。虽然这不直接造成代码执行或数据泄露,但会引发越权式自动介入、错误工作流路由和结果偏离用户真实意图,属于配置层面的安全/可靠性问题。

Natural-Language Policy Violations

Medium
Confidence
86% confidence
Finding
技能描述中声明“输出语言统一使用中文”,在未提供用户选择或协商机制的情况下强制限定输出语言,会覆盖用户偏好并可能导致误解、可访问性下降或与上游系统语言策略冲突。在安全敏感或多语言环境中,这种强制行为可能让关键测试信息被错误理解,从而间接影响决策质量。

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
使用说明再次强制“输出语言统一使用中文”且“不随意改变结构”,缺少用户选择空间,说明该限制会在实际执行阶段被严格贯彻。此类刚性约束本身不是传统高危漏洞,但会增加误用风险,尤其在跨语言团队、国际化测试或需要与英文接口/规范对齐时,可能导致信息转换错误和操作失配。

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.