Security audit

Cue Credit Diligence

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Cue-based credit diligence research workflow that uses public data and requires confirmation before spending credits.

Install this only if you intend to use Cue for credit diligence or related public-data research. Expect it to access Cue services, use your local Cue credentials, and potentially clone/update the Cue runner; approve the research run only when you are comfortable spending credits on the named subject.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 75% confidence
Finding: The trigger phrases are broad enough that the skill could activate for loosely related requests, causing the agent to enter a high-impact credit-diligence workflow unexpectedly. In this skill, activation can lead to external network access, repository cloning, and a credit-consuming research run, so ambiguous triggering increases the chance of unintended actions and cost-incurring behavior.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal