Industrial Fund Investment Advisor

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent investment-analysis assistant, but it automatically saves analyses and reads or writes local memory in ways that could retain confidential deal information without clear user opt-in.

Review this skill before installing in any confidential investment workflow. It appears non-malicious and has no executable payload, but you should disable or modify automatic memory/history saving, avoid using it with non-public deal materials unless storage is explicitly approved, and require confirmation before external searches, exports, or Tencent Docs collaboration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to read and write self-improvement memory files before and after substantive work, which introduces persistent self-modification behavior outside the core investment-analysis role. This creates a channel for prompt persistence, contamination from prior tasks, and retention of sensitive project details that may later influence unrelated analyses.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill declares very broad trigger scenarios covering generic investment analysis, founder assessment, government investment-promotion evaluation, competitor comparison, and report export. This can cause the agent to activate in situations beyond the user's intent, increasing the chance it performs consequential financial analysis or collects sensitive company data without clear scoping or consent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The description advertises xbrowser integration for accessing sources such as Qichacha and recruiting data, but does not warn users that external data access may occur. In a due-diligence context, silent browsing can expose confidential queries, process personal or corporate data, and create compliance/privacy issues, especially in regulated investment workflows.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill directs the agent to persist user-related context and performance lessons into local memory files without requiring explicit user consent, data minimization, or disclosure that files will be modified. This creates a privacy and integrity risk because sensitive user or project information may be stored indefinitely on disk and later reused outside the user's expectations.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to read from existing local `~/self-improving/` and memory files and append new content automatically before non-trivial tasks. That behavior can expose unrelated local data to the model and cause silent modification of user files, expanding the privacy risk and creating unintended cross-task data leakage.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The comparison mode trigger includes broad natural-language phrases such as '选哪个' ("which one to choose"), which can activate alternate behavior unexpectedly in normal conversation. In a workflow that performs structured analysis, scoring, and persistence, unintended mode switches can lead to incorrect outputs, confusion, or accidental handling/saving of data under the wrong workflow.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill automatically saves every project analysis to memory files without an explicit user-facing warning or consent step. Because investment analysis may contain confidential company, founder, financial, and diligence information, silent persistence increases the risk of retaining sensitive data beyond the user's expectations and exposing it in future sessions or exports.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The document recommends using external search, export, and collaboration tools, but it does not warn that sensitive deal materials, founder PII, or user-uploaded documents may be transmitted to third-party services. In an investment-analysis context, this increases the risk of unintended disclosure of confidential business information and personal data during normal workflow use.

Ssd 3

Medium
Confidence
96% confidence
Finding
The instruction to write corrections, failed attempts, and reusable lessons into self-improving files can capture natural-language notes containing sensitive user, company, or transaction details. Because these notes are not constrained to a strict schema, they can also preserve adversarial prompt content that later re-enters the model context, compounding privacy and prompt-injection risk.

Ssd 3

Medium
Confidence
97% confidence
Finding
Automatically saving every project analysis to memory files is dangerous in this context because the skill is designed for investment diligence, which often involves non-public financials, founder background checks, customer information, and strategic assessments. Persistent storage of these materials can create lasting confidentiality, privacy, and cross-session data leakage risks, especially if later analyses search memory files by default.

VirusTotal

64/64 vendors flagged this skill as clean.
