Back to plugin

Security audit

Trend Forecast

Security checks across malware telemetry and agentic risk

Overview

Review recommended because the skill is mostly coherent for forecasting, but it sends user prompts and gathered market/social data to AIsa services and has overbroad social-media workflow language without a clear privacy boundary.

Install only if you are comfortable sending the requested topics, prompts, and gathered research context to AIsa. Avoid entering confidential strategy, personal data, or proprietary research topics unless the provider's data handling is acceptable, and require explicit approval before any social-media posting or engagement workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares required binaries and environment variables but does not explicitly declare permissions while still instructing network access, use of secrets, and file output via saved reports. This creates a transparency and least-privilege problem: hosts or users may not realize the skill can transmit prompts externally and write artifacts to disk.

Tp4

High
Category
MCP Tool Poisoning
Confidence
87% confidence
Finding
The documented behavior materially exceeds the narrow declared purpose by including LLM-mediated query decomposition/synthesis, broader financial intelligence collection, and report saving. This mismatch can mislead operators about the scope of processing and external disclosure, increasing the chance that sensitive user queries are sent to third parties or persisted unexpectedly.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The README states the skill should be used for broad X/Twitter research, monitoring, posting, or engagement workflows, which goes beyond the narrower trend-forecasting purpose. In an autonomous-agent setting, this can cause over-invocation for general social-media tasks, increasing the chance the agent uses forecasting/data-collection capabilities in contexts not intended by the author or operator.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs sending raw user queries and derived topic summaries to external AIsa REST and chat-completions endpoints without a clear privacy warning or consent step. If users include proprietary strategy, internal research topics, or personal data in prompts, that information is disclosed to a third-party service without explicit notice.

Ssd 4

Medium
Confidence
95% confidence
Finding
The synthesis step concatenates untrusted text from prediction markets, Twitter/X, news, and stock/news feeds directly into the LLM prompt without delimiting it as untrusted data or instructing the model to ignore embedded instructions. If any upstream content contains prompt-injection text, the model may follow those instructions, distort the forecast, exfiltrate structured context, or produce unsafe/manipulated output.

Env Variable Harvesting

High
Category
Data Exfiltration
Content
def get_api_key():
    """Get AISA_API_KEY from environment."""
    key = os.environ.get("AISA_API_KEY")
    if not key:
        print("ERROR: AISA_API_KEY not set.", file=sys.stderr)
        print("Get your key at https://aisa.one", file=sys.stderr)
Confidence
70% confidence
Finding
os.environ.get("AISA_API_KEY

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.