Back to skill

Security audit

A Share Fact Check

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, read-only finance fact-checking skill that audits Chinese listed-company investment content against public official sources.

Installers should understand that this skill may search public financial-disclosure and market-data websites and may use optional read-only data tools if configured. Treat its reports as public-information consistency checks, not investment advice or a substitute for professional due diligence.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation scope is written broadly enough to capture generic 'fact-check this content' requests, not just China-listed-company disclosure verification. In a multi-skill environment, this can cause misrouting: users may be sent into a workflow that applies financial-disclosure-specific rules, data sources, and exclusions to unrelated content, producing incorrect or incomplete analysis with undue confidence.

Natural-Language Policy Violations

Medium
Confidence
80% confidence
Finding
The skill is specified as Chinese-only without offering language negotiation or documenting that responses may be adapted to the user's language. This can lead to usability and comprehension failures, especially when the user provides English or bilingual material, increasing the risk that caveats, limitations, or verification outcomes are misunderstood.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.