Daily Market Analysis

Security checks across malware telemetry and agentic risk

Overview

This is a market-briefing skill that searches public market information and produces an informational report, with no evidence of hidden execution, credential access, persistence, trading, or data exfiltration.

Install this if you want a Chinese daily market recap tool. Treat its investment suggestions as informational only, verify market data and sources independently, and invoke it explicitly when you want this workflow to avoid accidental market-advice responses.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger description is broad enough to capture many ordinary market-related requests, which can cause the agent to invoke this skill when the user did not explicitly ask for a daily market recap. That creates scope hijacking risk: the skill may override more appropriate tools or user preferences and steer responses into investment-oriented output unnecessarily.

Natural-Language Policy Violations

Medium

Confidence: 86% confidence
Finding: Forcing Chinese as the primary output language without user opt-in can override the user's stated language preference or the system's locale expectations. While not directly enabling code execution or data exfiltration, it can degrade reliability, confuse users, and create policy-compliance issues in multilingual environments.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal