Einstein Research Suite

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed financial research skill pack with no executable code, but users should treat outputs as informational and review the child skills before installing them.

Install only if you are comfortable using market research prompts and indicators as educational inputs, not as financial advice. Review each included child skill before installing all 11, especially any that read portfolio files, CSVs, or produce trading-related recommendations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The README markets the suite as a professional-grade trading and investing toolkit and encourages users to rely on its signals, but it does not include any clear disclaimer that outputs are informational and not financial advice. In a financial decision-support context, this omission can cause users to over-trust model output and act on risky recommendations without understanding limitations, suitability, or regulatory boundaries.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal