Security audit

Oanda Forex Trading

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed OANDA forex trading integration, but it can place, modify, cancel, and close live-money trades without a built-in confirmation gate.

Use this only if you intentionally want an agent connected to OANDA trading. Prefer practice credentials, verify whether the connected account is live before any call, and require your own explicit confirmation for every place, modify, cancel, close-trade, or close-position action. Set broker-side limits where possible and remember that Good-Til-Cancelled orders may remain active after the agent session ends.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence: 86%
Finding
The skill advertises very broad trigger phrases such as generic forex trading and API integration terms, which can cause an agent to invoke this skill for loosely related requests. Because the skill includes high-risk actions like placing live orders and closing positions, overbroad discovery increases the chance of unintended activation and unauthorized real-money operations.

Missing User Warnings

High
Confidence: 95%
Finding
The skill exposes destructive financial actions such as market orders, closing trades, and closing positions without a mandatory explicit confirmation or prominent safety gate immediately before those operations. In a live-account context, an accidental or ambiguous invocation can directly cause irreversible monetary loss, unwanted liquidation, or market exposure.

Missing User Warnings

Medium
Confidence: 94%
Finding
This skill exposes high-risk financial actions such as placing market and stop orders, modifying pending orders, and closing trades or positions, but the schema provides no explicit warnings, confirmation requirements, or safety gating around irreversible monetary impact. In an agentic setting, this increases the chance that ambiguous prompts, prompt injection, or routine automation errors could trigger real trades or liquidations on a live account without the user appreciating the consequences.

VirusTotal

63/63 vendors flagged this skill as clean.
