City of Ottawa Open Data

Security checks across malware telemetry and agentic risk

Overview

The skill appears to support a legitimate Ottawa open-data workflow, but it asks for broad shell execution and can activate on overly broad phrases.

Review the skill before installing, especially its Bash commands and any Python scripts it runs. Install only if you are comfortable granting shell access for Ottawa open-data tasks, and prefer narrowing activation phrases to explicit requests such as searching open.ottawa.ca.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
Granting broad Bash execution to a skill whose stated purpose is searching and fetching public open data violates least-privilege and increases the blast radius of any prompt injection, script compromise, or misuse. Because the skill invokes local Python scripts and can write files or access the network, Bash could be abused for arbitrary command execution beyond the intended Ottawa data workflow.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger phrases are generic Ottawa-related terms like 'open', 'ottawa transit', and 'ottawa environment', which can cause the skill to activate for ordinary conversation unrelated to explicitly using this tool. Over-broad activation is dangerous here because the skill has Bash permission, so accidental invocation could grant an unnecessarily powerful tool access in contexts where the user did not intend it.

VirusTotal

66/66 vendors flagged this skill as clean.
