macro-analysis

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Chinese macroeconomic analysis skill with no code execution, credential access, network behavior, or persistence.

Install this if you want Chinese-language macro and A-share market analysis assistance. Treat any position or asset-allocation suggestions as general educational material, and do not share brokerage credentials, account details, or private financial data with it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The activation phrases include very common finance terms such as '宏观经济', '流动性', and '政策面', which can cause the skill to trigger in broad market conversations where the user did not explicitly request this framework. This is not a code-execution issue, but it can lead to unintended routing, lower-quality responses, and possible overshadowing of more appropriate skills.

Natural-Language Policy Violations

Medium

Confidence: 83% confidence
Finding: The skill metadata and content are entirely Chinese-oriented and imply Chinese-language behavior without stating whether that restriction is intentional or offering fallback behavior. In multi-lingual environments, this can cause inappropriate activation or user-facing responses in the wrong language, which is a quality and policy-compliance risk rather than a direct security compromise.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal