Exchange-Traded Fund Premium Rate Lookup (场内基金溢价率查询)

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent finance lookup tool that fetches public ETF/LOF/QDII pricing data and prints premium-rate analysis without credentials, persistence, or local data access.

Install only if you are comfortable with the skill making outbound requests to public finance data providers when you ask for fund premium analysis. Treat its results as informational market-data calculations, not financial advice, and be aware that broad trigger terms may activate it for some general finance prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list includes broad terms such as “套利” and the English phrase “premium rate,” which can plausibly appear in unrelated finance conversations and cause unintended activation. In an agent setting, overly generic triggers can route user requests to the wrong skill, causing confusion, unintended network access, or disclosure of irrelevant financial analysis.

VirusTotal

65/65 vendors flagged this skill as clean.
