Prediction Bridge Dev

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Prediction Bridge search helper that sends the user’s query or X link to a documented backend API, with no hidden install, persistence, credential use, or destructive behavior found.

Install only if you are comfortable sending search text, article URLs, or X links to Prediction Bridge’s backend. Do not use it with confidential text, secrets, private documents, or private links, and ensure any PREDICTION_BRIDGE_API_URL override points to a service you trust.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly instructs sending user-provided free text or X/Twitter links to a third-party backend, but it does not require informing the user that their input will leave the local agent environment. That creates a privacy and data-handling risk, especially if users paste sensitive text, private URLs, or identifying information expecting only local processing.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal