Yicai

Security checks across malware telemetry and agentic risk

Overview

This skill only guides an agent to browse and summarize public Yicai financial news pages, with no code, credentials, persistence, or privileged access.

Install it if you want your agent to summarize public Yicai news. Keep prompts specific, verify important financial details against original links, and do not use it for bulk scraping or automated collection.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The description says the skill should be invoked whenever the agent needs to access or automate any First Financial-related content, which is broader than the narrowly scoped capabilities described later in the file. Overly broad activation can cause the agent to select this skill in unintended contexts, leading to unnecessary web access, over-collection of third-party content, or execution of automation beyond the user’s actual request.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal