One Up On Wall Street

Security checks across malware telemetry and agentic risk

Overview

This is a text-only investing education skill with some financial-advice caveats, but no code, credentials, persistence, or account-changing behavior.

Install only if you want a Peter Lynch-style investing coach. Treat its stock and allocation suggestions as educational prompts, not personalized financial advice, and verify any portfolio decisions with independent research or a qualified advisor.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Intent-Code Divergence

Medium

Confidence: 87% confidence
Finding: The skill claims fidelity to Peter Lynch's framework, but the expected output adds specific portfolio allocation advice ('80% index funds, 20% individual stocks') that is not supported by the provided references. In a financial-advice context, unsupported guidance can mislead users into acting on fabricated or overstated authority, increasing the risk of harmful decisions.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger list is broad enough to match routine investing discussions, which can cause the skill to activate when the user did not intend to invoke this specific framework. In practice, that can steer conversations toward prescriptive financial content and bypass more appropriate general-purpose or safety-constrained handling for ambiguous requests.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal