Back to skill

Security audit

Aloudata CAN SKILLS - forecast-simulation

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only forecasting skill with broad routing language but no hidden code, persistence, credentials, or destructive behavior.

Install if you want a Chinese-language workflow for simple mathematical forecasting. Use it with a trusted metric-query skill, treat business metric data as sensitive, and ask for clarification when a request is ambiguous between planning, ordinary conversation, and actual forecasting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger criteria are intentionally expansive and include many common future-oriented phrases, which can cause this skill to be invoked when the user intended a different capability or a normal conversational reply. In an agent system, over-broad routing is a real security/control issue because it can override user intent, force unnecessary data access through downstream skills, and increase the chance of incorrect or misleading automated analysis being presented as authoritative.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.