A股综合分析报告

Security checks across malware telemetry and agentic risk

Overview

This skill coherently generates local A-share stock analysis reports using disclosed market-data sources, with no evidence of hidden execution, exfiltration, or account-changing behavior.

Install only if you are comfortable running Python scripts that fetch public market data and writing local report files. Do not treat the generated buy/sell, target-price, or stop-loss content as personalized financial advice, and verify data freshness and sources before making investment decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill generates concrete short-term and mid-term buy/sell-style recommendations, target prices, stop-loss levels, and timing judgments without any visible risk disclosure or suitability warning. While not a classic system-compromise issue, this is a safety/compliance vulnerability because users may rely on authoritative-seeming financial advice without understanding uncertainty, conflicts, or the need for independent judgment.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal