Back to skill

Security audit

HiMarketInsight

Security checks across malware telemetry and agentic risk

Overview

This market-analysis skill is mostly coherent, but it requests shell execution and broad file modification powers without explaining when they are needed or requiring user control.

Review this skill before installing. It appears intended for legitimate market and strategy analysis, but only use it if you are comfortable with a market-research assistant that can browse the web, read local files, run shell commands, and modify files. Prefer installing a version that removes execute_command and limits file writes to explicit report exports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill grants execute_command to a market-insight workflow that primarily needs search, retrieval, and structured analysis. Unnecessary shell execution expands the attack surface significantly: prompt-injected content, fetched web data, or ambiguous user requests could cause the agent to run local commands, access sensitive environment data, or chain into broader system compromise.

Context-Inappropriate Capability

Low
Confidence
89% confidence
Finding
write_to_file and replace_in_file are not justified by the stated role of strategic market analysis and intelligence gathering. These capabilities let the skill alter local files or project content, which could be abused to overwrite data, plant misleading outputs, or persist malicious changes if the agent is manipulated by hostile input.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The activation description is broad enough to match many ordinary business, research, and planning requests, increasing the chance the skill is invoked in contexts beyond its intended scope. Over-broad activation becomes more dangerous here because the skill also has powerful tools, so accidental invocation can expose web access, command execution, and file modification where they are unnecessary.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger list covers a wide range of common business questions without exclusion conditions or tool-usage boundaries. This increases unintended activation frequency and can route general requests into a skill that is empowered to browse, fetch, write files, and execute commands, magnifying risk from both user ambiguity and adversarial content.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill exposes command execution and file modification capabilities without any user-facing warning, consent checkpoint, or safety boundary in the description. Users may reasonably expect a market-analysis assistant, not one that can execute local commands or alter files, creating a transparency and authorization gap that can be exploited through prompt injection or mistaken trust.

Missing User Warnings

Low
Confidence
72% confidence
Finding
The skill advertises web-based intelligence collection, including article search, but does not warn about privacy, data provenance, or handling of potentially sensitive search terms. While lower severity than local execution risks, this can still lead to unintended disclosure of confidential business interests or reliance on untrusted external content.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.