Find Profitable Stocks

Security checks across malware telemetry and agentic risk

Overview

This is a simple stock-analysis instruction skill that uses public market data and shows no hidden code, credential access, persistence, or trading authority.

Before installing, understand that stock symbols or screening requests may be sent to public financial-data APIs, and offline operation may return demo or mock data. Verify whether results are live or demo data and independently check financial metrics before making investment decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger phrase "帮我选几只优质股票" is broad enough to match many generic investment-related requests, which could cause the skill to activate when the user did not specifically ask for free-cash-flow analysis. In a finance context, unintended invocation can misroute the conversation, produce unsolicited stock recommendations, and increase the chance of inappropriate or overconfident financial guidance.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal