factorlang-expression

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-style FactorLang trading-expression reference skill with no code or install-time privileges, though users should control any optional MCP/backtesting tool use.

Install only if you want FactorLang-specific trading-expression help. If your agent has access to an MCP trading or backtesting service, require explicit confirmation before it runs any expression or strategy request, and review generated strategy formulas yourself.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 92% confidence
Finding: The skill goes beyond passive documentation and instructs the agent how to invoke an MCP execution/backtesting function with concrete parameters. That creates a capability-escalation risk: a user asking for help with expressions could indirectly trigger operational actions or simulated trading workflows the skill was not supposed to autonomously perform.

Intent-Code Divergence

Medium

Confidence: 84% confidence
Finding: The metadata presents the file as a reference manual derived from original documentation, but the body embeds prescriptive AI behavior rules and MCP call instructions. This mismatch can mislead the orchestrator or reviewer about the skill's real behavior, making hidden operational guidance more likely to be trusted and auto-applied.

Vague Triggers

Medium

Confidence: 81% confidence
Finding: The activation description covers broad tasks like writing expressions, strategy development, query syntax, and designing trading strategies, which are common requests with fuzzy boundaries. Overbroad matching increases the chance the skill is invoked in contexts where it injects rigid rules or operational behavior the user did not ask for.

Vague Triggers

Medium

Confidence: 79% confidence
Finding: The automatic invocation guidance says the skill should be automatically called whenever users need expression writing, strategy development, query syntax, or strategy design, but provides no exclusion conditions. In an agent setting, this can cause unnecessary or inappropriate activation and increase the chance of tool-instruction leakage into unrelated conversations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal