Back to skill

Security audit

Energy Performance Certificates

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed read-only helper for querying UK Energy Performance Certificate data through OOMOL's connector.

Install only if you want Codex to use your OOMOL-connected Energy Performance Certificates account for certificate lookups and searches. Be aware that queries may include property-related identifiers or filters sent to the OOMOL connector, and verify the `oo` CLI install source if you need first-time setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The description says to use this skill for ANY Energy Performance Certificates request and instead of calling the API directly, which is an overly broad routing instruction. Broad triggers can cause the agent to invoke this skill in situations where it is unnecessary or inappropriate, increasing the chance of unintended external data access, privacy exposure in queries, or tool-selection hijacking over safer or more specific handling paths.

VirusTotal

52/52 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.