上游材料股研究框架

Security checks across malware telemetry and agentic risk

Overview

This is a document-only investment research framework with no executable code, credential use, hidden persistence, or unrelated access.

Install this if you want a structured framework for upstream materials stock research. Verify all market data, expert-call claims, and analyst-report assumptions before relying on the output, and avoid providing non-public or restricted investment information unless you are authorized to use it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 92% confidence
Finding: The manifest description and the entire skill content are written in Chinese, with no indication that users may interact in other languages or that Chinese is required for a region-specific or compliance-driven reason. Under the policy rule, forcing a specific language without user opt-in is a natural-language policy violation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal