Back to skill

Security audit

Jinjiancheng Skill

Security checks across malware telemetry and agentic risk

Overview

This is a text-only investment-analysis skill that can influence financial decisions but does not execute trades, request credentials, or hide privileged behavior.

Install only if you want an agent to provide market-analysis framing for stocks, ETFs, and portfolio rotation. Do not treat its output as licensed financial advice or an instruction to trade; verify prices, news, suitability, taxes, and risk independently. Avoid sharing unnecessary private portfolio details in search queries, and enable the optional Longbridge MCP connection only if you trust that provider and understand its permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README presents concrete investment strategy examples, buy/sell timing language, and trigger phrases that encourage users to rely on the skill for portfolio decisions, but it does not clearly disclose that outputs are informational only and not financial advice. In a finance-focused skill, this omission increases the risk that users treat generated guidance as personalized advice, potentially leading to harmful trading decisions and legal/compliance exposure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.