Prediction Bridge Skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, read-only API client for prediction market lookup, with the main privacy consideration that queries and wallet addresses are sent to a hosted service.

Install this only if you are comfortable sending prediction-market searches, market identifiers, and wallet addresses to the Prediction Bridge API. Do not set PREDICTION_BRIDGE_URL to an endpoint you do not trust, and avoid using sensitive private queries or wallet identifiers unless that data sharing is acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The markdown tells users to run a bundled script but does not prominently disclose that doing so sends user queries to a live third-party API. This can create privacy and consent issues, especially if sensitive user prompts, wallet addresses, or market interests are transmitted externally without an explicit warning.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal