ZJTJ-SAR四维选股策略

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only stock-selection strategy with real financial-risk caveats, but it contains no code execution, account access, credentials, persistence, or hidden behavior.

Install only if you want an educational short-term A-share stock-selection strategy. Treat the SAR condition as ambiguous until corrected, require confirmation before using it for generic stock-picking requests, and do not use it to make trades without independent financial review.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Intent-Code Divergence

Medium

Confidence: 97% confidence
Finding: The document’s natural-language explanation of the SAR condition contradicts the actual formula `SAR < C`. In a trading skill, this can cause users or downstream agents to execute the opposite of the intended trend filter, leading to incorrect buy signals and financial loss. The domain context increases risk because the skill is explicitly used to make market decisions.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger phrases include broad language such as asking for a short-term stock pick, which can overlap with ordinary conversation and unintentionally invoke the skill. In a financial-advice context, accidental activation is more dangerous because it may surface trading guidance when the user did not explicitly request this specific strategy.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal