Phoenix Iterate

Security checks across malware telemetry and agentic risk

Overview

Phoenix Iterate is a disclosed QuantConnect strategy-iteration helper that keeps local notes and delegates backtest work to companion tools, with no evidence of hidden or destructive behavior.

Install only if you are comfortable with an agent coordinating local strategy files and QuantConnect backtest workflows. Review the companion skills separately, pin dependencies if reproducibility matters, and require confirmation before any backtest submission or persistent memory update.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 77% confidence
Finding: The invocation phrases are broad enough to trigger during normal strategic discussion, which can cause the orchestrator to activate unexpectedly and begin a workflow involving file reads, file writes, and backtest-related command execution. In an agent environment, overbroad triggers increase the chance of unintended side effects and can be abused through prompt phrasing to steer the system into running tooling when the user only asked for advice.

Unpinned Dependencies

Low

Category: Supply Chain
Content: pandas>=1.5.0
Confidence: 95% confidence
Finding: pandas>=1.5.0

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal