A股基本面筛选

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language A-share stock screening helper with no executable code or hidden system access.

Install this only if you want a Chinese-language A-share fundamental screening aid. Treat outputs as preliminary financial analysis, verify market data independently, and ask explicitly when you want broader investment context rather than this fixed screening checklist.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger phrases are broad, everyday investing questions such as whether a stock is fundamentally good or risky, which can overlap with normal conversation and cause the skill to activate unexpectedly. In an investment context, unintended invocation can steer users into a narrow screening workflow without clear consent, increasing the chance of inappropriate financial guidance or overconfident recommendations.

Natural-Language Policy Violations

Medium

Confidence: 68% confidence
Finding: The skill content is entirely in Chinese and does not indicate any language fallback or user-choice mechanism, which can make behavior opaque for users operating in other languages. While not directly a code-execution issue, this can impair informed consent and increase the risk that users misunderstand screening criteria or outputs in a sensitive financial-decision context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal