Back to skill

Security audit

Follow-Through Day (FTD) Detector

Security checks across malware telemetry and agentic risk

Overview

This is a coherent market-analysis skill that gives investment-timing guidance but does not trade, access accounts, hide behavior, or perform destructive actions.

Install this only if you want a market-timing research tool. Use a dedicated Python environment, provide an FMP API key only if needed, review generated reports before acting, and treat all exposure ranges as informational analysis rather than personalized financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
82% confidence
Finding
The description and usage guidance are broad enough that the skill could be invoked for common market-related questions such as whether it is safe to increase equity exposure or whether a bounce is meaningful. In an agentic system, over-broad triggering can cause inappropriate routing, unintended financial guidance, or execution of downstream tooling in contexts where the user did not explicitly request this analysis.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code generates direct trading advice such as 'Aggressively increase exposure to 75-100%' without any user-facing warning that this is informational, probabilistic, and not financial advice. In a skill explicitly intended to tell users when it is safe to increase equity exposure, this creates real risk of harmful overreliance, especially because the language is prescriptive and the model may present it with unwarranted certainty.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.