A股个股诊断 (A-Share Stock Diagnosis)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed A-share stock analysis skill with no executable code or hidden system access, but its investment recommendations should be treated cautiously.

Install only if you want the agent to provide structured A-share stock analysis. Verify data independently, treat outputs as informational rather than personalized financial advice, and be aware that broad stock questions may trigger rating and buy/sell-style recommendations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger phrases are broad enough to activate on generic stock or investment questions, which increases the chance the skill is invoked when the user did not explicitly request this specific analysis workflow. In this skill, that matters because the output includes prescriptive investment ratings and action recommendations, so over-triggering can lead to unrequested financial advice being surfaced.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill generates star ratings and buy/hold/sell recommendations but does not include any warning that the content is informational, may be incomplete or stale, and is not personalized financial advice. In a financial context, this can mislead users into treating the output as actionable investment guidance without understanding uncertainty, suitability, or risk.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal