Trade Journal Coach

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local trade-journal coaching skill that analyzes user-provided trades and does not show broker access, data exfiltration, persistence, or account-changing behavior.

Install this only if you want Chinese-language local coaching on trade records. Share only the trades needed for the review, do not provide broker credentials or API keys, and treat the output as reflective coaching rather than investment advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The example trigger phrases are very broad conversational inputs such as asking for help reviewing trades or expressing emotional distress after losses. In an agent-routing system, these generic phrases can cause the skill to activate in contexts where the user did not explicitly request this specialized behavior, leading to unintended processing of sensitive financial and emotional data and potentially displacing safer or more appropriate skills.

Natural-Language Policy Violations

Medium

Confidence: 87% confidence
Finding: The skill content is written entirely in Chinese and does not offer any language negotiation or fallback behavior. In multilingual environments, forced language output can confuse users, cause them to misunderstand risk-related guidance or constraints, and increase the chance of incorrect financial decisions or mishandled emotional-support interactions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal