Security audit

Cue Global Macro

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Cue research helper for global macro topics, with network and credit use explained before the research run.

Install this if you want Cue-powered global macro research. Before running it, review the clone/update command for ~/.cue/cue-skills, confirm you trust the Cue runner source, and only approve the research step when you are comfortable using Cue credits and your local Cue API key.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list is broad and loosely scoped (for example, generic macro and calendar terms), which can cause the skill to activate in conversations where the user did not clearly intend to invoke this capability. Unintended activation is especially relevant here because the skill can lead to external network access, repository cloning, and credit-consuming research workflows after follow-on steps.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal