Macro Analyst

Security checks across malware telemetry and agentic risk

Overview

This is a benign macroeconomic analysis helper, but its examples depend on separate local finance and trading scripts that users should trust before running.

Install only if you want Chinese-language macroeconomic analysis workflows. Before running the examples, confirm that the referenced local scripts, trading-quant skill, akshare-finance scripts, and AKShare dependency are trusted and installed from sources you accept.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 92% confidence
Finding: The skill manifest presents a narrowly scoped macroeconomic data tool, but the body expands into stock earnings, industry aggregation, and cross-skill global market workflows. This scope drift can mislead an agent into invoking unrelated tools or datasets under false assumptions, weakening trust boundaries and increasing the chance of unauthorized or unintended capability use.

Intent-Code Divergence

Medium

Confidence: 94% confidence
Finding: The data acquisition section mixes in commands from other skills and non-macro datasets while presenting them as part of this skill. In an agent setting, this can cause tool confusion, accidental cross-skill execution, and privilege/scope violations because the operator may believe all listed commands are sanctioned by the current skill.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal