A股消息面分级解读

Security checks across malware telemetry and agentic risk

Overview

This is a simple instruction-only A-share news sentiment skill, but users should treat its trading suggestions as educational framing rather than financial advice.

Install this only if you want an A-share news interpretation framework. Do not rely on its buy, chase, or position-size language as financial advice, and verify news, market context, liquidity, and personal risk tolerance before making trades.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger phrase examples are very broad, especially short conversational inputs like “能追吗” and “这个利好是真的吗”, which can match ordinary market discussion without clear user intent to invoke this skill. In an agent environment, this can cause accidental invocation and unsolicited investment-style guidance, increasing the chance of inappropriate or mis-scoped financial advice.

Natural-Language Policy Violations

Medium

Confidence: 88% confidence
Finding: The skill content is written entirely for a Chinese/A-share context and does not indicate any user opt-in for language or locale, so it may be invoked for users who did not request Chinese output or China-specific financial assumptions. While this is not directly code-execution dangerous, it can lead to misinterpretation, degraded UX, and inappropriate financial guidance if applied outside the intended market context.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal