investoday-stock-market-broadcast

Security checks across malware telemetry and agentic risk

Overview

This is a market recap skill that uses public A-share market data and does not include hidden code, local access, credential handling, or persistence.

Install this if you want structured A-share market recaps and are comfortable with the separate investoday-finance-data skill supplying live public market data. Treat the output as informational commentary, not investment advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrases are very broad and map to common finance conversation such as '市场怎么样' and '盘面总结', which can cause the skill to activate when a user did not specifically intend to request this workflow. That creates routing ambiguity and can lead to unintended tool use, irrelevant finance outputs, or interference with other more suitable skills.

Vague Triggers

Low

Confidence: 81% confidence
Finding: The activation scenarios are described broadly and rely on general user intents like asking whether the market is strong or where the hotspots are, without clear boundaries for when this skill should yield to adjacent finance skills. In a multi-skill agent, this increases the chance of misrouting and inappropriate invocation, though the impact is limited because the skill only accesses public market data.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal