Back to skill

Security audit

Trade Dashboard

Security checks across malware telemetry and agentic risk

Overview

This trade analytics dashboard is mostly coherent, but it says it will automatically tune other trade skills without explaining approval, limits, storage, or rollback.

Install only if you want a B2B trade analytics dashboard. Before use, tell the agent not to modify Hunter, Qualifier, scoring weights, search strategy, memory, or other skill behavior unless you explicitly approve the exact change, and keep ROI, lead, and email-performance data limited to sources you intentionally provide.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger conditions are very broad and match generic analytics needs such as viewing overviews, tracking ROI, and generating reports. In an agent environment, this can cause the skill to activate for many unrelated requests, leading to unintended routing, over-collection of business data, or invocation in contexts the user did not explicitly intend.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.