Ai Trading Consortium

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed stock-forecast and buy/sell/hold analysis helper that uses a third-party API key, without evidence of hidden trading, credential theft, or destructive behavior.

Install only if you are comfortable sending ticker-analysis prompts to SkillBoss with your API key. Treat its forecasts and buy/sell/hold output as informational, not financial advice, and verify important investment decisions independently.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger scope is overly broad for common finance-related phrases like stock analysis, trading decision, and buy/sell/hold recommendation, which can cause the skill to activate for a wide range of ordinary investment queries. In a system with multiple skills or safety controls, ambiguous invocation increases the chance of unintended routing, making the agent follow this skill's detailed trading workflow when a narrower or safer response would be more appropriate.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal