Ai Intelligent Demand Forecasting

Security checks across malware telemetry and agentic risk

Overview

This is a simple demand-forecasting skill description with no included executable code, but users should review the external repository before running it.

Treat forecasts and replenishment output as advisory unless a human approves purchasing decisions. Before installing, inspect the external GitHub repository, requirements.txt, and app.py, and run it in an isolated environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Low

Confidence: 88% confidence
Finding: The skill description is generic and lacks clear activation boundaries, inputs, and operational constraints. In an agent ecosystem, vague scope increases the chance the skill is invoked in inappropriate contexts or used with insufficient guardrails, especially for business decisions like forecasting and replenishment.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill advertises automatic replenishment but provides no warning that inventory actions can have real financial and operational consequences. Without human approval requirements, confidence thresholds, or exception handling, users or agents may over-trust the skill and trigger harmful overstocking, stockouts, or unnecessary purchasing.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal