赵克常老师SKILL

Security checks across malware telemetry and agentic risk

Overview

This is a text-only investment analysis framework with no code execution, credentials, persistence, or hidden data handling, though users should treat its financial outputs as educational rather than advice.

Install only if you want an educational investment research framework. Verify market data independently, do not provide brokerage credentials, and make any trading decisions yourself or with a qualified financial professional.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill's trigger description is very broad, covering many common investing tasks such as stock analysis, portfolio review, industry assessment, macro analysis, and trading support. In an agent system, this can cause over-triggering and unintended routing, leading users to receive speculative financial guidance in contexts where a narrower or more appropriate skill should apply.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal