News Fund Analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a fund-news analysis skill with a disclosed bundled search helper; it has privacy and financial-advice caveats but no hidden execution, credential access, persistence, or account-control behavior.

Install only if you are comfortable with fund-related queries being sent to public search engines. Do not provide brokerage credentials, account numbers, client-confidential information, or proprietary investment hypotheses. Treat any buy/sell or position-size output as general research, verify sources independently, and consult a qualified financial professional before trading.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (9)

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The file documents a generic multi-search-engine skill, but the declared skill is for fund-news analysis and investment advice. This mismatch is dangerous because it can conceal undeclared capabilities, expand the agent's effective permissions or behavior beyond user expectations, and undermine trust and review controls; in a finance-related skill, hidden search capability can materially affect data sourcing and downstream advice.

Description-Behavior Mismatch

High

Confidence: 94% confidence
Finding: The skill file declares and documents a generic multi-search-engine capability, while the surrounding skill metadata says this is a fund-news analysis and investment-advice skill. This mismatch is dangerous because it can conceal the real behavior of the skill from reviewers and users, enabling unexpected outbound search activity and tool use under an unrelated financial-analysis context.

Description-Behavior Mismatch

High

Confidence: 97% confidence
Finding: The manifest advertises a generic multi-search-engine skill while the declared skill context is news-driven fund analysis and investment advice, indicating a significant identity and purpose mismatch. This kind of deceptive or mislabeled metadata can conceal unexpected capabilities, bypass review expectations, and cause users or downstream systems to invoke a broader search tool under the guise of a finance-analysis skill.

Description-Behavior Mismatch

Medium

Confidence: 92% confidence
Finding: This reference file is substantially broader than the declared skill purpose of fund/news analysis and effectively equips the agent with a general-purpose international search playbook. That scope expansion increases the chance of unauthorized capability use, data exfiltration assistance, or policy bypass through unrelated search workflows, especially in an investment-oriented skill where tool use should be tightly constrained.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The documentation advertises unrelated utility functions such as password generation, QR creation, Base64 handling, and UUID generation, which are not needed for analyzing fund movements. These extra capabilities can normalize off-mission behavior and enable misuse patterns such as encoding data, generating artifacts, or pivoting the skill into a more general utility agent.

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The file promotes broad unrelated domains including programming, academic research, nutrition, mathematics, weather, barcode, and flight lookups, far beyond the stated investment-analysis role. In context, this creates capability drift: an agent intended to reason about funds and financial news is being furnished with instructions for expansive cross-domain querying, increasing attack surface and reducing predictability of behavior.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill asks for holdings, investment horizon, and risk tolerance before presenting a prominent upfront warning that it provides general information only and is not personalized financial advice. Because the skill later gives explicit buy/hold/sell and position-sizing guidance, users may reasonably treat the output as tailored investment advice, increasing suitability, compliance, and user-harm risk.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly instructs use of an external search skill to gather market and fund-related context, but does not warn users that their inputs may be transmitted to a third-party tool. If users provide fund holdings or other sensitive financial context, that information could be unnecessarily exposed beyond the primary system, creating privacy and data-handling risk.

Missing User Warnings

Medium

Confidence: 83% confidence
Finding: The examples instruct use of web_fetch against multiple third-party search engines without warning that user queries will be transmitted externally. In a fund-analysis context, search terms may contain sensitive research interests, portfolio themes, client names, or proprietary investment hypotheses, causing unintended data leakage to external providers.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal