Security audit
Howard Marks' Second Level Thinking
Security checks across malware telemetry and agentic risk
Overview
This is a text-only investment analysis framework that asks the agent to research public financial data and does not request code execution, credentials, persistence, or hidden access.
Safe to install from a security perspective. It may cause the agent to search public financial sources and produce investment analysis, so verify cited data independently and treat outputs as decision support rather than financial advice.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.