A Share Glossary Tutor

Security checks across malware telemetry and agentic risk

Overview

This is a narrow stock-glossary tutoring skill that saves local study notes, with no evidence of hidden network access, credential use, or destructive behavior.

Install this if you are comfortable with the skill adding or updating entries in `notes/stocks/glossary.md`. Review that file if it already contains important notes, and ask the agent not to save notes when you only want a one-off explanation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs automatic persistence to a local file (`notes/stocks/glossary.md`) without any user confirmation, opt-in, or warning that the interaction will modify workspace state. In an agent setting, silent writes can create unintended data retention, leak sensitive user inputs into notes, or be abused to plant misleading content in files the user did not expect to change.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal