Stock Analyzer

Security checks across malware telemetry and agentic risk

Overview

This stock-analysis skill appears coherent and purpose-aligned, with ordinary local report/chart output and no hidden destructive or exfiltrating behavior found.

Install only if you are comfortable with third-party Python packages such as yfinance, pandas, numpy, matplotlib, and optional scikit-learn. Stock symbols are fetched from Yahoo Finance, and analysis reports or charts may be saved locally in the configured output directory; avoid using a shared or sensitive directory for output.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 76% confidence
Finding: The tool automatically writes generated reports to disk using a configurable output directory without prominently warning the user at the command interface. In this skill context, the reports may include queried symbols, timestamps, and fetched company information, creating an unintended local data persistence/privacy issue, especially on shared systems or automated environments where users may assume output is only printed to stdout.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal