Back to skill

Security audit

Security Bond Analysis

Security checks across malware telemetry and agentic risk

Overview

This is a finance reference skill for bond analysis, with no executable install behavior or hidden access requests.

Reasonable to install as an educational bond-analysis aid. Verify current market, issuer, rating, and regulatory information from trusted sources before relying on outputs, and consider narrower triggers if you only want explicit bond-analysis prompts to use this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list is broad enough to match many normal finance conversations, which can cause the skill to activate outside its intended scope. Overbroad activation increases the chance of unsolicited domain steering, user confusion, and accidental application of specialized financial workflows in contexts where the user did not request them.

Natural-Language Policy Violations

Low
Confidence
84% confidence
Finding
The skill states that Chinese triggers are prioritized without clear user preference or opt-in. This can cause the system to route or respond in a language mode the user did not request, reducing usability and potentially creating misunderstandings in a finance context where precision matters.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.