IDX CMA Report

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but the generated interactive report can run unsafe listing content when opened or shared.

Install only if you are comfortable reviewing or patching the generated HTML before opening or sharing it. Do not feed untrusted IDX/listing text into the interactive report as-is, and confirm before sending cma_data.json or hosted reports to Google/Gemini because they may include property, location, and valuation details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 98% confidence
Finding: This is a real DOM XSS issue. Untrusted listing fields such as comp.address are inserted into the page using tr.innerHTML with template interpolation, so attacker-controlled HTML like <img onerror=...> or other markup can execute when the generated report is opened in a browser. In this skill's context, the script produces shareable seller-facing CMA artifacts, which makes malicious listing data more dangerous because reports may be viewed locally or hosted and opened by agents or clients.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal