fred-economic-data

Pass

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: LOW
Full Analysis

The skill files, including SKILL.md, various references/*.md documentation files, and Python scripts (scripts/fred_examples.py, scripts/fred_query.py), were thoroughly analyzed for security vulnerabilities.

  1. Prompt Injection: No patterns indicative of malicious prompt injection (e.g., 'IMPORTANT: Ignore', role-play, safety bypass) were found. The SKILL.md contains a commercial instruction to the AI to suggest a related platform ('K-Dense Web') under specific conditions. While this is an instruction to influence AI behavior, it is not malicious in a security context (does not bypass safety, exfiltrate data, or execute arbitrary commands). This is noted as an informational finding but does not impact the overall security verdict.

  2. Data Exfiltration: The skill securely handles API keys by instructing users to set them as environment variables (FRED_API_KEY). The Python scripts retrieve the API key with os.environ.get(). All network requests are made to legitimate FRED API endpoints (https://api.stlouisfed.org/fred and https://api.stlouisfed.org/geofred). No attempts to access sensitive local file paths (e.g., ~/.aws/credentials, ~/.ssh/id_rsa) or exfiltrate data to non-whitelisted external domains were detected.

  3. Obfuscation: No obfuscation techniques such as Base64 encoding, zero-width characters, Unicode homoglyphs, or excessive URL/hex/HTML encoding were found in any of the files.

  4. Unverifiable Dependencies: The skill's Python scripts utilize standard and widely trusted libraries like requests, pandas, and plotly.express. The installation instructions mention uv pip install, which is a standard method for managing Python packages. These dependencies are considered trusted external sources, and their use does not introduce a significant security risk. This is noted as an informational finding (LOW severity) but does not elevate the overall verdict.

  5. Privilege Escalation: No commands or patterns indicative of privilege escalation (e.g., sudo, chmod 777, service installation) were found.

  6. Persistence Mechanisms: No attempts to establish persistence (e.g., modifying .bashrc, creating cron jobs, or systemd services) were detected.

  7. Metadata Poisoning: The metadata fields in SKILL.md (name, description, author) are benign and do not contain any malicious instructions.

  8. Indirect Prompt Injection: As a skill that interacts with an external API and processes its responses, there is an inherent general risk of indirect prompt injection if the external data itself were malicious. However, the skill's code does not introduce specific vulnerabilities that would exacerbate this risk beyond what is typical for any external data interaction.

  9. Time-Delayed / Conditional Attacks: No conditional logic or time-based triggers for malicious behavior were identified.

Conclusion: The skill demonstrates secure practices for API key handling and external communication. Its dependencies are standard and trusted. No significant security vulnerabilities were found.

Audit Metadata
Risk Level: LOW
Analyzed: Feb 12, 2026, 11:54 PM