Security audit

a-share-market-sweep

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed A-share market analysis workflow with no executable code, persistence, credential handling, or hidden install behavior found.

Install only if you want an agent to fetch and synthesize current A-share market data for market reviews, sector rotation, watchlists, or trading framework drafts. Treat outputs as analysis support rather than financial advice, and be aware it may use web or stock-data tools when invoked.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The default prompt is broadly worded and does not define when the skill should or should not be invoked, which can cause an agent to trigger it in contexts the user did not clearly request. In a market-analysis skill that performs broad data gathering and synthesis, this ambiguity can lead to unnecessary tool use, overcollection of market context, or user-intent drift rather than direct code execution risk.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal