Security audit

Global Debt Fiscal Explorer

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed AgentPMT data-query integration for World Bank fiscal and debt indicators, with no executable local code in the reviewed artifact.

Install only if you want AgentPMT-backed fiscal data lookups and are comfortable sending fiscal-data queries to AgentPMT and spending 30 credits per query. Use it intentionally for live World Bank fiscal indicators rather than for every general economics question.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The skill advertises very broad natural-language activation phrases such as generic research and comparison requests. This can cause the agent to invoke a paid remote tool for ordinary fiscal/economic questions that could be answered locally, unnecessarily transmitting user queries to a third party and increasing the chance of overbroad tool use.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal