A股三层选股模型

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed A-share stock-screening skill that gives trading-style suggestions, with no evidence of hidden access, persistence, credential use, or account actions.

Install only if you intentionally want an A-share screener that may produce specific trading-plan suggestions. Treat results as informational, verify data freshness and assumptions independently, and do not rely on it as personalized or regulated financial advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The trigger phrases are broad enough to match generic requests like '选股' or '帮我看看有哪些好股', which can cause the skill to activate in contexts where the user did not intend this specific high-risk investment workflow. Because the skill outputs concrete buy/sell timing and position advice, accidental invocation increases the chance of unsuitable or unauthorized financial guidance.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill directs the agent to produce precise buy ranges, stop-loss prices, targets, and position sizing, but does not require any risk disclosure, suitability check, or warning that the output is not personalized financial advice. In a financial skill, this context makes the omission more dangerous because users may act on the recommendations directly and incur significant monetary loss.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal