Market News Analyst

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only market news analysis skill that uses web search for public financial news and does not show hidden execution, credential access, or persistence.

Install only if you want an English-language market-news research workflow that searches public web sources. Treat the output as analysis, not financial advice, and verify important market conclusions against primary sources before acting.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The skill hard-codes English-only thinking and output at the metadata level, which can override or conflict with a user's requested language. This is primarily a policy and usability issue, but in an agent setting it can also reduce transparency, impair user comprehension, and cause the model to ignore higher-priority user preferences.

Natural-Language Policy Violations

Medium

Confidence: 97% confidence
Finding: These repeated instructions reinforce mandatory English-only operation for both analysis and output without user opt-in. Repetition makes the constraint more likely to dominate behavior, increasing the chance the agent disregards user language preferences or produces inaccessible output.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal