
Security audit

A Stock Digest

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed A-share stock briefing and alert skill whose local files and scheduled-report behavior match its stated purpose.

Before installing, understand that the skill may guide an agent to run a local Python helper and read or write report files under ~/a-digest. Enable any cron or alert workflow only if you expect automatic market reports, and inspect the referenced local helper script if it exists on your machine.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (92% confidence)

Finding: The skill’s activation criteria are very broad: any request about A-share daily reports, market hotspots, signals, scheduled tasks, or intraday alerts could trigger it. Over-broad invocation increases the chance of unintended execution, especially for autonomous agents, which can lead to unexpected market-analysis actions or report generation without clear user intent.

Missing User Warnings

Medium (89% confidence)

Finding: The skill documents local filesystem usage and automated scheduled output generation under ~/a-digest without any disclosure, consent, retention policy, or guardrails. In an agent environment, silent reads/writes and cron-driven report generation can expose local data, create unintended persistence, or overwrite files in ways the user does not expect.

VirusTotal

64/64 vendors flagged this skill as clean.
