The Titan Scalper IDX

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed IDX trading-analysis skill made of educational markdown, with no evidence of code execution, data access, persistence, or hidden behavior.

Install only if you want educational IDX intraday/scalping analysis. Treat outputs as trading opinions, not financial advice or automated trade instructions, and explicitly ask the agent to use your preferred language and confirm IDX context, entry, stop-loss, and risk assumptions before relying on any analysis.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger description is broad enough that the skill may activate for generic trading or momentum questions that are not specifically requesting this IDX scalping workflow. Unintended activation can cause the agent to apply narrow, high-risk day-trading guidance in the wrong context, overriding more suitable general or safety-oriented behavior.

Natural-Language Policy Violations

Medium

Confidence: 91% confidence
Finding: The skill hard-codes Indonesian-language persona and response behavior without checking the user's language preference. This can reduce usability, cause misunderstanding of risk-critical trading instructions, and increase the chance of user error when discussing entry, cut-loss, and target levels.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal