Huang Renxun Ai Strategy

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, text-only AI/NVIDIA strategy framework with some finance-style analysis templates, but no code, tools, persistence, credential access, or hidden execution.

Install only if you want an educational NVIDIA/Jensen Huang AI strategy and market-analysis framework. Do not rely on it for investment decisions, and verify any current market data, quotes, or company claims independently before using its outputs.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: The skill is advertised as a narrowly scoped Jensen Huang/NVIDIA strategy advisor, but the appendix introduces reusable generic market and investment analysis report templates. Even with repeated disclaimers, this broadens the effective capability into quasi-investment-advisory content and can cause the agent to produce domain outputs outside its declared purpose and safety boundary.

Intent-Code Divergence

Medium

Confidence: 93% confidence
Finding: The trigger section claims the skill should activate only for Huang Renxun/NVIDIA-related topics, but later content provides generic AI market-analysis structures that can answer broader investment-style prompts. This mismatch weakens containment and increases the chance of scope drift, where the agent follows latent templates rather than the stated activation boundary.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal