Horizon SDK

Security checks across malware telemetry and agentic risk

Overview

This is a coherent prediction-market trading skill, but it can place or cancel real orders through an unpinned external SDK without strong built-in safeguards.

Install only if you intend the agent to interact with prediction-market accounts. Use paper mode or read-only credentials where possible, keep HORIZON_API_KEY least-privileged, require explicit human confirmation before any order, cancellation, arbitrage, kill-switch, stop-loss, take-profit, or runtime-parameter change, and review or pin horizon-sdk before trusting it with trading authority.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 83%
Finding: The trigger scope is very broad, covering essentially any prediction-market-related request, including discovery, analytics, wallet lookups, and trading operations. In a high-risk financial skill, broad invocation criteria increase the chance the agent routes users into a tool that can place or cancel orders when a narrower, intent-specific trigger would be safer.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The skill documents destructive financial actions such as order submission and cancellations, including cancel-all and cancel-market, but warning language is not consistently attached to each dangerous command. In a trading context, omission of repeated, command-local warnings can lead to accidental execution of irreversible or high-cost actions.
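The overview's recommendations (paper mode or read-only credentials, a least-privileged key, explicit human confirmation before any order, cancellation, arbitrage, kill-switch, stop-loss, take-profit or runtime-parameter change) and both findings above describe the same control: a gate that sits between the agent and the SDK, denies unknown actions, attaches a command-local warning to every destructive command and only forwards it after a human says yes. The following is an added example of such a gate and is not code from the Horizon skill or from horizon-sdk. The action names, the `execute(action, **params)` client interface, the `StubClient` stand-in and the `HORIZON_API_KEY_READ_ONLY` environment variable are all assumptions for illustration; the real SDK's method names are not known from this page.

```python
"""Confirmation gate in front of a prediction-market SDK client.

Added example, not part of the Horizon skill or horizon-sdk. Action names,
the execute(action, **params) client interface and the
HORIZON_API_KEY_READ_ONLY variable are assumptions for illustration.
"""
import os
from dataclasses import dataclass, field
from typing import Callable

# Every action the overview says must not run without explicit human approval.
DESTRUCTIVE_ACTIONS = frozenset({
    "place_order", "cancel_order", "cancel_all", "cancel_market",
    "arbitrage", "kill_switch", "set_stop_loss", "set_take_profit",
    "set_runtime_parameter",
})
# Discovery, analytics and wallet lookups: safe to forward without a prompt.
READ_ONLY_ACTIONS = frozenset({
    "list_markets", "get_orderbook", "wallet_lookup", "get_positions",
})


class ActionRefused(Exception):
    """Raised when the gate declines to forward an action to the SDK."""


class StubClient:
    """Constructed stand-in for the SDK client (assumption: a single
    execute(action, **params) entry point). Records calls, touches nothing real."""

    def __init__(self):
        self.calls = []

    def execute(self, action, **params):
        self.calls.append((action, params))
        return {"ok": True, "action": action}


@dataclass
class TradingGate:
    client: object
    confirm: Callable[[str], bool]   # must return True only on explicit human approval
    paper_mode: bool = True          # simulate by default; live trading is opt-in
    # Assumed env flag: "1" means HORIZON_API_KEY is a read-only credential.
    key_is_read_only: bool = field(
        default_factory=lambda: os.environ.get("HORIZON_API_KEY_READ_ONLY", "1") == "1")
    audit: list = field(default_factory=list)

    def run(self, action: str, **params):
        if action in READ_ONLY_ACTIONS:
            self.audit.append(("executed", action, params))
            return self.client.execute(action, **params)
        if action not in DESTRUCTIVE_ACTIONS:
            # Deny by default: an action the gate does not know never reaches the SDK.
            self.audit.append(("refused", action, params))
            raise ActionRefused(f"unknown action {action!r}")
        # The warning is built per command, so cancel_all and cancel_market get
        # the same explicit notice as a single order submission.
        warning = f"WARNING: {action} is irreversible or high-cost; params={params}"
        if self.key_is_read_only:
            # Fail closed before prompting: a read-only key cannot trade anyway.
            self.audit.append(("refused", action, params))
            raise ActionRefused("read-only credentials: " + warning)
        if not self.confirm(warning):
            self.audit.append(("refused", action, params))
            raise ActionRefused("not confirmed: " + warning)
        if self.paper_mode:
            # Confirmed, but paper mode never hands the order to the live client.
            self.audit.append(("simulated", action, params))
            return {"ok": True, "simulated": True, "action": action, "params": params}
        self.audit.append(("executed", action, params))
        return self.client.execute(action, **params)


if __name__ == "__main__":
    gate = TradingGate(StubClient(), confirm=lambda w: input(w + "\nType yes: ") == "yes",
                       paper_mode=True, key_is_read_only=False)
    print(gate.run("list_markets"))
    try:
        print(gate.run("cancel_all", market="example-market"))
    except ActionRefused as exc:
        print(exc)
    print(gate.audit)
```

The `confirm` callback is where the human sits; in a real deployment it should be an out-of-band prompt the agent cannot answer for itself, and the audit list should go to durable, append-only storage rather than memory.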

VirusTotal

66/66 vendors flagged this skill as clean.
