Security Analysis: Sixth Edition

Security checks across malware telemetry and agentic risk

Overview

This appears to be a finance/value-investing guidance skill with no evidence of malware, credential access, persistence, or destructive behavior.

Install this only if you want the agent to apply this investing/security-analysis framework. Because it may activate on broad finance terms, be explicit when you want general financial discussion instead, and do not treat its output as personalized financial advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 96% confidence
Finding: The skill advertises activation on very broad terms like 'investment', 'management', 'earnings', 'stock market', and 'security analysis', which are common in ordinary finance conversations and could cause the skill to trigger when the user did not intend to invoke it. This creates prompt-scope confusion and increases the chance the assistant follows skill-specific behavior in unrelated contexts, especially because the skill also instructs proactive behavior on first load and rigid output formatting.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal