Security audit

Global Poverty Inequality Data

Security checks across malware telemetry and agentic risk

Overview

This appears to be a hosted AgentPMT query skill, with a privacy note needed because user inputs are sent to a remote service.

Install only if you are comfortable with the skill sending the action inputs you provide to AgentPMT-hosted infrastructure. Keep requests minimal and do not include secrets, private personal details, or internal identifiers unless you explicitly intend to share them with that service.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 92% confidence
Finding: This skill ultimately sends user-supplied query parameters to a remote AgentPMT-hosted service, but the invocation section does not present that fact as a prominent privacy warning at the point of use. Users or higher-level agents may supply sensitive context in free-text fields like country_or_region or surrounding prompts, not realizing the content leaves the local environment and is transmitted to third-party infrastructure.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal