CN Stock Analyst 股票智能分析师

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown-only stock analysis skill that fetches public market data and produces reports, with no evidence of hidden code, credential use, persistence, or trading authority.

Install this only if you want stock-analysis reports and are comfortable with the agent fetching public market data from third-party finance sites. For ambiguous finance questions, ask the agent to confirm before using the skill, and do not rely on its ratings, target prices, or stop-loss suggestions as financial advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger phrases are broad enough that normal conversation about stocks or even casual mentions of terms like 'MACD', 'RSI', or '帮我分析XX' could activate the skill unintentionally. In a financial-analysis context, accidental invocation is more serious than usual because the skill may produce investment-oriented guidance or fetch external market data when the user did not explicitly request that behavior.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal