trading-agents.skill

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for stock research, but it should be reviewed because it broadly triggers a costly multi-agent workflow, writes multiple files, and runs local commands with user-derived ticker text without clear validation or overwrite safeguards.

Install only if you are comfortable with a local Python market-data workflow that uses web/data-provider access, launches many subagents, and writes reports into your workspace. Use simple ticker symbols, avoid sharing unnecessary private portfolio details, run it in a dedicated project/output folder, and treat the results as research rather than financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding:
The skill explicitly instructs the agent to save multiple reports and compiled outputs to the workspace, which is a file-write capability, yet no corresponding permission is declared. Undeclared write behavior weakens reviewability and consent boundaries, and in an agent system this can enable unexpected artifact creation, overwriting of existing files, or persistence of sensitive intermediate data.

Vague Triggers

Medium
Confidence: 78%
Finding:
The activation criteria are very broad, covering many generic investment and stock-analysis requests and several trigger phrases. Overbroad triggering can cause the skill to engage unnecessarily, launching many subagents, external data fetches, and file writes without sufficiently narrow user intent, which increases cost, data exposure, and the chance of unsuitable financial recommendation workflows being invoked.

Missing User Warnings

Low
Confidence: 89%
Finding:
The skill instructs the agent to write output to `{OUTPUT_DIR}/sentiment_analysis.md` without any guardrails around filesystem access, path validation, or user confirmation. In an agent environment, implicit file-write instructions can lead to unintended overwrites or writes to sensitive locations if `OUTPUT_DIR` is attacker-controlled or misconfigured.

VirusTotal

67/67 vendors flagged this skill as clean.
