Security audit

Space Earth Science Explorer

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent AgentPMT remote tool wrapper for public NASA, NOAA, and USGS science data, with no local runtime, persistence, or hidden credential handling in the artifacts.

Install only if you intend to use AgentPMT-hosted remote calls for public science data. Be aware that calls may consume the listed credits and send your query text to AgentPMT and upstream public data providers; use specific space or earth science prompts to avoid accidental activation from the broad "query" keyword.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: Including the generic keyword "query" as an activation trigger is overly broad and can cause this skill to be selected for many unrelated user requests. In an agent environment that can make remote tool calls, this increases the chance of unintended external requests, data disclosure in prompts sent upstream, or workflow confusion from tool misrouting.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal