Security audit

Shareholder Value

Security checks across malware telemetry and agentic risk

Overview

This is a plain financial-analysis prompt skill with no code or privileged access; the main caveat is that its broad finance triggers could activate more often than intended.

Reasonable to install from an agent-security perspective. Treat outputs as financial-analysis assistance, not investment advice; verify assumptions, formulas, market data, and recommendations before using them for real capital allocation decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list includes broad generic finance terms such as "valuation" and "capital allocation," which can cause the skill to activate for many unrelated financial-analysis requests. In this context, the result is primarily misrouting or over-invocation rather than direct security compromise, but it can still degrade agent reliability and expose users to unintended outputs.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal