Back to skill

Security audit

Chen China Stock Analysis

Security checks across malware telemetry and agentic risk

Overview

This is a simple stock-analysis instruction skill with no executable code, credential access, persistence, or hidden system behavior.

Reasonable to install from a security perspective. Before relying on it, verify prices and news with trusted financial sources, remember that buy/hold/sell output is not professional financial advice, and request an output language you understand.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description is broad enough that it may be invoked for generic stock-analysis or investment-advice requests without tight routing boundaries. That can cause inappropriate auto-selection, increasing the chance the agent gives regulated financial guidance or uses this skill outside its intended market-specific context.

Natural-Language Policy Violations

Medium
Confidence
82% confidence
Finding
The mandated Chinese-language output format overrides user language preference and can reduce transparency if the user does not read Chinese. In a financial-analysis context, language mismatch can cause misunderstanding of recommendations, risks, or disclaimers, making the output less safe and less usable.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.