Back to skill

Security audit

nasdaq100-futures

Security checks across malware telemetry and agentic risk

Overview

This skill coherently fetches Nasdaq-100 futures quotes from Yahoo Finance and does not show hidden access, persistence, credential use, or destructive behavior.

Install only if you are comfortable with the skill contacting Yahoo Finance and sending the requested ticker symbol there. Treat the returned quote as market data for display or analysis, not financial advice, and note that the summary message is in Chinese by default.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger phrase 'latest quote and change metrics' is broad enough that an agent may invoke this skill in loosely related financial contexts without clear user intent for Nasdaq-100 futures or Yahoo Finance data. Over-broad routing can cause unintended external requests, incorrect tool selection, and misleading outputs in sensitive financial workflows where precision matters.

Natural-Language Policy Violations

Medium
Confidence
74% confidence
Finding
Always returning a human-readable Chinese summary without user opt-in or locale detection can produce unexpected language output, causing confusion, misinterpretation, or downstream parsing issues in agents expecting English or structured-only responses. While not a direct code-execution issue, this can degrade reliability and create unsafe misunderstandings in financial contexts where users rely on exact presentation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.