Back to skill

Security audit

Alphagbm Compare

Security checks across malware telemetry and agentic risk

Overview

This is a simple stock/options comparison prompt skill with no executable code, persistence, credentials, or hidden data access.

Install only if you want finance-oriented stock/options comparison assistance. Use explicit ticker or options-comparison prompts to avoid accidental activation, and treat generated rankings or trade ideas as research support rather than financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger list contains broad, common phrases such as "versus," "which is better," and "side by side" that are likely to appear in many unrelated user requests. This can cause unintended invocation of the skill, leading to irrelevant comparisons, incorrect routing, or accidental exposure of finance-oriented outputs in contexts where the user did not explicitly request this skill.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.