因子投资

Security checks across malware telemetry and agentic risk

Overview

This is a text-only stock-analysis helper with no code or account access, but it gives concrete trading suggestions that users should treat as informational only.

Install only if you want an agent to generate stock screening and trading-analysis reports. Independently verify market data, do not treat outputs as personalized financial advice, and remove the embedded 600905 holding unless it matches your own intended context.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill provides concrete trading actions, position sizing, stop-loss/take-profit thresholds, and even a specific holding recommendation without any visible disclaimer, suitability check, or warning about financial risk. In an agent setting, users may treat this as authoritative personalized advice, increasing the chance of financial harm from over-reliance on the system's outputs.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal