Price Api

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent construction-cost helper that fetches public price data and processes user-provided cost files without hidden persistence or deceptive behavior.

Install if you need construction material pricing and cost-estimation support. Before applying or exporting cost database updates, review the proposed changes, keep backups of important pricing files, and avoid hard-coding or sharing any optional FRED API key.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The instruction to fetch construction material prices from open APIs is broad and does not clearly define when the skill should activate versus when a general assistant should respond. In an agent environment, underspecified activation can cause the skill to trigger on loosely related requests, leading to unnecessary external data access, unintended handling of user-supplied file paths or parameters, and expansion of the attack surface.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal