AI金融分析师

Security checks across malware telemetry and agentic risk

Overview

This is a simple finance-analysis prompt skill with no code or external access, but users should treat its outputs as informational rather than investment advice.

Install only if you want a finance-analysis assistant. It should be used for research and education, not as a substitute for licensed financial advice, current market data, or your own investment decision-making.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The example trigger phrase at line 58 is very broad and could be invoked by ordinary user requests that mention analyzing an investment, causing the skill to activate unexpectedly. In a finance context, accidental activation matters because the skill may provide investment-oriented guidance in situations where the user did not explicitly intend to use this specialized workflow.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger phrase at line 59 is ambiguous and broad enough to overlap with common financial questions, which increases the chance of unintended skill activation. Because this skill covers portfolio optimization and valuation, misrouting could lead users to receive domain-specific financial outputs without clearly opting into this skill.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal