Back to skill

Security audit

Alphagbm Buffett Analysis

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed stock-analysis skill that applies a Buffett-style scorecard and does not contain executable code or hidden system access.

Before installing, understand that this is a financial research aid using a mechanical Buffett-style framework, not personalized investment advice. Watch for accidental activation on broad investing questions, and expect API usage to consume one stock-analysis credit per uncached ticker call.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list includes broad natural-language phrases such as 'fair price vs bonds' and 'long-term hold analysis' that can overlap with general investing requests outside this skill's narrowly defined Buffett scorecard purpose. In agent routing systems, overly broad triggers can cause this skill to activate on unrelated prompts, leading to mis-scoped financial analysis, user confusion, or inappropriate tool/API usage.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.