Back to skill

Security audit

Stock Analyzer | 股票深度分析

Security checks across malware telemetry and agentic risk

Overview

This is a stock-analysis prompt skill that asks the agent to gather public financial data and produce a report, with no hidden code, persistence, or trading authority.

Reasonable to install if you want structured stock research assistance. Treat outputs as informational, verify financial figures and sources independently, and avoid sharing sensitive portfolio details unless you are comfortable with the agent using external finance sites or APIs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are generic investment-related requests such as asking whether a stock is worth buying, which are common in ordinary conversation and can cause the skill to activate unintentionally. In this skill, accidental activation is more sensitive because it instructs the agent to use external tools like exec + curl, web_fetch, and browser, increasing the chance of unnecessary network access and unintended financial-advice style outputs.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.