Invest

Security checks across malware telemetry and agentic risk

Overview

This is a text-only investing education skill with clear limits and no code execution, account access, or hidden data handling.

Reasonable to install as an educational reference. Treat it as general information only, verify current investing and tax rules with official sources, and consult a qualified financial or tax professional before making real investment decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The activation text includes broad conditions like "general investing questions" and "common investing concepts," which do not clearly bound when the skill should or should not activate. Without a more specific trigger list or exclusion examples, the skill could be invoked for ordinary financial discussion beyond the intended scope.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal