Sector Analyst

Security checks across malware telemetry and agentic risk

Overview

This is a coherent market-analysis skill with no executable code, credential use, or hidden data transfer; its main caveats are English-only output and a local Markdown report file.

Before installing, confirm where the Markdown report will be written and how same-day reports should be named. Expect English-only analysis unless you override it, and treat any sector positioning recommendations as analytical market commentary rather than guaranteed investment advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Natural-Language Policy Violations

Medium

Confidence: 92% confidence
Finding: The skill hard-codes English-only analysis and output without indicating that this is user-selectable or necessary for safety. This can improperly override user language preferences and create unnecessary policy constraints, but it does not introduce code execution, data exfiltration, or privilege-escalation risk.

Natural-Language Policy Violations

Medium

Confidence: 90% confidence
Finding: The important notes section reiterates an English-only requirement for both analysis and output without user choice or clear necessity. Repeated fixed language constraints can reduce user control and accessibility, but in this market-analysis skill they remain a policy/usability issue rather than a high-severity security flaw.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal