Investment Daily Report

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed investment-report generator that queries market data and writes a Markdown report, with no evidence of hidden credential use, persistence, or destructive behavior.

Before running it, expect the script to contact NeoData through a local gateway and write or overwrite the report path you choose. Avoid supplying private portfolio data unless a future version clearly documents how account-linked data is handled.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly states it uses networked data sources and may integrate Trade Arena holding/PnL tracking, but it does not clearly disclose to users that running the skill can send market queries and potentially configured portfolio-related data to external services. In a finance context, holdings and watchlist activity can be sensitive, so lack of transparent notice creates privacy and data-governance risk even if the behavior is intended.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal