Chen China Stock Analysis

Security checks across malware telemetry and agentic risk

Overview

This is a simple stock-analysis instruction skill with no executable code, credential access, persistence, or hidden system behavior.

Reasonable to install from a security perspective. Before relying on it, verify prices and news with trusted financial sources, remember that buy/hold/sell output is not professional financial advice, and request an output language you understand.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill description is broad enough that it may be invoked for generic stock-analysis or investment-advice requests without tight routing boundaries. That can cause inappropriate auto-selection, increasing the chance the agent gives regulated financial guidance or uses this skill outside its intended market-specific context.

Natural-Language Policy Violations

Medium

Confidence: 82% confidence
Finding: The mandated Chinese-language output format overrides user language preference and can reduce transparency if the user does not read Chinese. In a financial-analysis context, language mismatch can cause misunderstanding of recommendations, risks, or disclaimers, making the output less safe and less usable.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal