Security audit

Infrastructure Mobility And Housing Data Hub

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed markdown-only guide for using an AgentPMT-hosted World Bank infrastructure data tool, with paid remote calls clearly described.

Install only if you want an AgentPMT-hosted, potentially paid World Bank infrastructure data lookup tool. Confirm before sending project, country, or planning context to AgentPMT, and use scoped AgentPMT credentials or wallet/payment settings from the setup skills.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The skill advertises broad activation terms such as urban planning support, mobility and transit analysis, and housing trends, which can match many generic user requests that do not specifically require this remote tool. That increases the chance an agent invokes an external paid service unnecessarily and sends user-provided context to a third party when a local answer or narrower tool would suffice.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal