Security audit

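张氏财报分析实战操作手册-零会计基础极速排雷 (Zhang's Financial Statement Analysis Hands-On Manual: Rapid Pitfall Detection with Zero Accounting Background)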

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable financial analysis guide; its main caveat is that automatic public financial-data retrieval is not fully described.

Before installing, be aware that if you do not provide financial data, the agent may try to retrieve public company data from unspecified sources. Provide the data yourself in restricted environments, avoid submitting confidential or non-public reports, and verify any financial or investment conclusions independently.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence: 91%
Finding
The skill explicitly states it will automatically obtain public financial data when the user does not supply data, but it does not disclose that a network fetch or external data access may occur. Undisclosed external retrieval can surprise users, create privacy or compliance issues in restricted environments, and cause the agent to act beyond the user's expected scope.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.