Back to skill

Security audit

Energy Market Intelligence

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Alberta energy market analysis skill with clear source and advice boundaries, though users should treat its outputs as informational analysis rather than financial or procurement advice.

Install this only for sourced Alberta energy market briefings. Treat its stance and next actions as analysis and monitoring prompts, not trading, hedging, procurement, legal, compliance, or PPA signing advice; verify current AESO data and consult qualified professionals before making financial or operational commitments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The README creates a contradictory safety boundary: it disclaims trading recommendations, but then instructs the skill to produce a 'current justified stance' and 'recommended next 3 actions.' In an energy-market context, those outputs can easily function as de facto operational or trading advice, increasing the chance that users rely on unsanctioned recommendations framed as analysis.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.