Tradingagents Cn Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Chinese stock-analysis skill that searches public market information and creates local reports, with privacy and financial-reliance caveats but no artifact-backed malicious behavior.

Install only if you want a Chinese-language stock-analysis/report workflow that may use OCR, web search, local logs, and generated PDFs. Do not provide brokerage-account screenshots, private portfolio details, or proprietary trading information unless you are comfortable with those details being processed and retained locally; treat all buy/sell output as informational, not regulated financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The README explicitly states that every step's input, output, and validation result is written to log files, but it does not warn that these logs may contain user-supplied stock analysis requests, screenshots/code-derived content, or externally retrieved news/social data. In a skill that processes potentially sensitive user inputs and aggregates third-party content, verbose logging increases the risk of unintended retention, exposure, or secondary disclosure of data through local files or support artifacts.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The trigger conditions are broad enough to match ordinary requests about stocks, screenshots, code analysis, technical analysis, or buy/sell advice, which can cause the skill to activate unexpectedly. In this skill, unexpected activation is more concerning because activation leads to logging, web searches, multi-step LLM processing, and file generation, so accidental invocation expands data exposure and side effects.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill explicitly logs each analysis to a timestamped file and preserves outputs across steps, but does not warn the user beforehand that their provided text, OCR content, analysis traces, and possibly investment-related inputs will be written to disk. Silent persistence of potentially sensitive financial or personal data creates privacy and retention risk, especially when users may assume a transient analysis flow.

Missing User Warnings

Severity: Low
Confidence: 83%
Finding
The skill performs multiple web searches using the stock code and stock name without clearly warning the user that their request context will be sent to external services. While the queries are mainly stock-related, user-supplied inputs may include proprietary watchlists, screenshots, or sensitive context that gets transformed into external search terms or derived analysis.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
This prompt template gives concrete investment guidance, including position sizing, drawdown tolerance, take-profit levels, and target returns, but provides no warning that the output is not financial advice and may materially affect a user's finances. In the context of a stock-analysis skill explicitly meant to generate trading recommendations, this increases the likelihood that users will treat the output as actionable advice and incur financial loss.

Natural-Language Policy Violations

Severity: Medium
Confidence: 95%
Finding
The prompt hard-codes Chinese-only output without indicating that this is conditional on user preference or locale. In an agent skill, this can override user intent, reduce transparency, and create safety/usability issues if the user cannot read the response or if downstream systems expect another language.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
This prompt generates concrete buy/sell plans with exact entry, target, and stop-loss values, but it does not require any user-facing warning that the output is financial analysis rather than regulated investment advice. In this skill's context, the omission is meaningful because the agent is explicitly designed to influence trading decisions and produce professional-looking reports, which can increase user reliance and amplify harm from incorrect or overly authoritative recommendations.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
On validation failure, the script logs the first 500 characters of raw LLM output to disk. In this skill, LLM output may contain user-provided stock screenshots, extracted financial data, prompts, or other sensitive content, so persisting raw content without disclosure or minimization creates a privacy and data-handling risk if log files are accessed by other users, operators, or included in backups.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
On successful validation, the script writes the cleaned JSON output to a persistent log file. Because this skill generates investment analyses and may process user-supplied data, these logs can retain sensitive or proprietary content beyond the immediate task, increasing exposure through local disk access, shared environments, or backups.

Ssd 3

Severity: Medium
Confidence: 92%
Finding
The instructions tell the agent to reveal the internal log file path to the user after processing. Exposing internal storage paths leaks implementation details and may direct users or downstream components toward files containing raw inputs, intermediate reasoning artifacts, and other persisted data, increasing the chance of unintended disclosure or path misuse.

VirusTotal

65/65 vendors flagged this skill as clean.
