Back to skill

Security audit

Security Ipo Strategy

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only IPO analysis skill with disclosed financial decision-support behavior and no evidence of hidden execution, data access, persistence, or exfiltration.

Use this as decision support only. It may help structure IPO analysis, but it can affect real investment decisions, so verify dates, prices, rules, issuer data, and regulatory updates independently and do not treat its output as personalized financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list includes very broad terms such as 'IPO investment', 'new listing', and 'listing performance', plus many generic Chinese finance phrases, without clear scope boundaries or activation constraints. This can cause the skill to activate in loosely related financial conversations, leading to unwanted interception of user intent, over-broad routing, or inappropriate investment-oriented responses in contexts that did not explicitly request this skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.