Trading Agents 简化版

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed stock-analysis skill that fetches market data, runs multi-agent analysis, and saves local reports, with no evidence of hidden trading, exfiltration, or destructive behavior.

Install only if you are comfortable using a Tushare token from environment variables, allowing web/market-data lookups, and saving generated stock-analysis reports locally. Do not paste API keys, brokerage credentials, account balances, or private portfolio details into prompts, and treat BUY/SELL/HOLD output as research support rather than personalized financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence: 92%

Finding
The prompt simultaneously requires inclusion of all input reports in the final saved output while only broadly instructing the agent to redact sensitive content. In practice, this creates a high chance that secrets, private notes, or unsafe substrings from upstream agent outputs are copied into the persisted report because the exhaustive inclusion requirement conflicts with selective omission.

Vague Triggers

Medium
Confidence: 92%

Finding
The trigger phrases are broad enough to activate on common financial-advice requests, causing the skill to engage in high-impact investment recommendation workflows without clear user intent to invoke this specific capability. In context, this is more dangerous because the skill produces concrete BUY/SELL/HOLD outputs and can initiate external data access and multi-agent processing, increasing the chance of unintended financial advice delivery.

Natural-Language Policy Violations

Medium
Confidence: 84%

Finding
The output example and disclaimer sections strongly prescribe Chinese-language content, which can override or ignore the user's language preference and reduce transparency or informed consent for users expecting another language. In this skill's context, that is a real but lower-severity issue: the content is financial analysis, so language mismatch can cause misunderstanding of recommendations, risks, or disclaimers, though it is not directly a code-execution or credential-exfiltration flaw.

Ssd 3

Medium
Confidence: 95%

Finding
Requiring the final saved report to contain all input reports and full debate history creates a direct data propagation channel from upstream agent outputs into long-term storage. Even with a redaction instruction, natural-language prompts are brittle and can miss secrets, proprietary text, or sensitive user data embedded in the copied reports, leading to inadvertent data leakage.

VirusTotal

65/65 vendors reported this skill as clean.