Datayes Stock Analysis

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed markdown-only stock research skill that uses Datayes market-data tools to produce reports, with no evidence of hidden execution, persistence, or data theft.

Install this only if you want a Datayes-based stock report workflow. Be aware it may activate on broad stock questions, and do not rely on its report, ratings, or technical signals as personalized investment advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger phrase "这只股票值不值得买？" is broad enough to match ordinary conversational investment questions and can cause the skill to auto-activate in situations where the user did not explicitly request a full stock-analysis workflow. In a finance context, overly broad triggering is more sensitive because it can steer users into quasi-investment-advice interactions and cause unintended tool use or overconfident analytical output.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal