Back to skill

Security audit

incident.io

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed read-oriented incident.io connector wrapper, with no artifact evidence of hidden mutation, persistence, exfiltration, or destructive behavior.

Install only if you are comfortable routing incident.io read requests through OOMOL's oo connector and have connected the correct incident.io account. Treat incident data as sensitive business data, and do not approve any future write or destructive action unless the skill version clearly lists it and you intentionally want that change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The manifest and description constrain the skill to searching and reading data, but the body text claims support for write and destructive actions. This mismatch can cause downstream agents or users to invoke the skill under the false assumption that it is read-only, creating a privilege and consent boundary failure if future or hidden actions mutate incident state.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The safety section discusses write and destructive actions as if they may exist, but the available-actions list contains only read operations and no tagged mutating actions. This inconsistency weakens operator trust in the documentation and could hide future dangerous capabilities behind ambiguous guidance, making it easier for an agent to misclassify an action's risk.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The instruction to use this skill for ANY incident.io request is overly broad and encourages routing all incident.io tasks through a single skill without regard to least privilege or task-specific safety constraints. In context, this is more dangerous because the same document also implies possible write/destructive support, so broad invocation scope could cause unintended use in sensitive operational workflows.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.