Security audit

Bank Market Research

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed market-research conversation skill with no executable code or hidden data access.

Before installing, understand that this skill may activate on broad market research or competitor analysis requests. Its reports should be reviewed by qualified banking or risk personnel, especially because the artifact itself says outputs are based on public information and judgment and are not investment advice or credit approval recommendations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger list contains very broad, generic market-research phrases such as industry analysis, market research, and competitor analysis. In a conversational skill system, these can cause overbroad or unintended activation on ordinary user requests, leading the skill to intercept prompts outside a clearly scoped boundary and potentially influence responses when the user did not explicitly invoke it.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.