Youtube Notification Analysis

Security checks across malware telemetry and agentic risk

Overview

The skill is open about analyzing YouTube finance content, but it also tells the agent to execute trades without clear user approval or limits.

Install only if you intend to supervise it closely. Do not allow it to place trades automatically; require a separate confirmation that names the account, symbol, side, quantity, order type, and risk. Verify yt-dlp and whisper-cpp locally before use, and treat YouTube-derived financial claims as untrusted research input, not trading instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 92%
Finding
The manifest description includes broad activation cues such as investment advice, stock, crypto, financial content, subtitle retrieval, and trade execution, which can cause the skill to trigger in situations beyond the user's precise intent. In this context, the overbroad scope is more dangerous because the skill chains content extraction from YouTube directly into trade execution, increasing the chance of unintended high-risk financial actions.

Missing User Warnings

High
Confidence: 97%
Finding
The workflow proceeds from analyzing YouTube notifications to executing trades without requiring a clear warning, suitability check, or explicit user confirmation. This is dangerous because unverified social/media content can be inaccurate, manipulative, or time-sensitive, and automatic trading based on it can directly cause financial loss or enable market-manipulation-driven behavior.

Natural-Language Policy Violations

Medium
Confidence: 81%
Finding
The skill forces subtitle/transcription processing in specific languages (zh-Hans, en, and ZH for whisper) without checking the user's preference or the video's actual language. This can lead to inaccurate transcription and misinterpretation of financial content, which is particularly risky here because the output is used for investment analysis and may influence trading decisions.

VirusTotal

66/66 vendors flagged this skill as clean.
