Hk Stock Morning Report

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches a Hong Kong stock-report workflow, but it tells agents to send internal-labeled financial reports to WeChat and Feishu without clear recipient controls or send confirmation.

Review before installing in a bank or enterprise environment. Use it only where WeChat/Feishu delivery is approved, recipients are explicitly configured, and the agent asks before sending. Treat generated market data as requiring source verification; the helper script is partial and does not itself complete the full report or delivery workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 90%
Finding
The skill instructs the agent to read and reuse local files (`references/...`, `stock_morning_report.md`) and to fetch external market/news data, which are file and network capabilities, but no permissions are declared. Undeclared capabilities make the skill's trust boundary unclear and can lead to unexpected data access or outbound requests without operator awareness, especially in an enterprise trading-desk context.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 85%
Finding
The documented behavior promises data sourcing, report generation, and external delivery, but the observed implementation does not actually perform several of those actions and instead relies on incomplete or external-agent completion. In a bank-facing reporting workflow, this mismatch is dangerous because users may trust that the report is complete, sourced, and delivered as specified when it is not, creating integrity, compliance, and operational risk.

Vague Triggers

Medium
Confidence: 80%
Finding
The trigger set includes broad phrases like '今日股市', which can easily appear in ordinary conversation and cause unintended activation. Because the skill is designed to gather external data and potentially forward reports, accidental triggering can lead to unnecessary network activity, file access, or message generation in contexts where the user did not intend to invoke the skill.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill describes collecting external data and pushing content to WeChat/Feishu, but it does not present a clear user-facing warning or consent mechanism for external transmission. In a financial-reporting context, silent outbound sharing increases the risk of leaking internal analysis, user prompts, or generated content to third-party services without adequate awareness or approval.

VirusTotal

61/61 vendors flagged this skill as clean.
