Us Market Bubble Detector

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed market-bubble analysis aid with strong investment-action language, but it does not request credentials, persistence, privileged access, or trade execution authority.

Install only if you want a market-risk checklist that may produce forceful profit-taking or short-selling suggestions. Verify all source data and dates yourself, treat the output as educational decision support rather than personalized financial advice, and do not let it make or execute trades automatically.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (9)

Intent-Code Divergence

Medium

Confidence: 91% confidence
Finding: The document contains contradictory scoring limits for qualitative adjustment, stating both +3 and +5 in different sections. This inconsistency can cause an agent or operator to over-score bubble risk and generate materially different risk classifications and trading actions from the same evidence.

Description-Behavior Mismatch

Medium

Confidence: 91% confidence
Finding: The implementation guide materially expands the skill from the declared US-market scope to include Japanese-market analysis, which creates scope drift between the manifest and actual behavior. This can cause the agent to act outside user and system expectations, use unsupported data sources or heuristics, and produce unvalidated analysis in contexts the skill was not authorized to cover.

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The guide goes beyond bubble-risk evaluation and provides concrete trading tactics such as risk budget, trailing stops, profit-taking, and short-selling rules. This changes the skill from analytical assessment into actionable investment-execution guidance, increasing the chance of unauthorized or unsuitable financial advice and creating behavior outside the stated skill boundaries.

Description-Behavior Mismatch

Medium

Confidence: 96% confidence
Finding: The skill metadata promises quantitative, data-driven market analysis using objective indicators, but the implementation only accepts manual or user-supplied scores and performs no retrieval or validation of market data. This is dangerous because users may rely on the output as if it were evidence-based investment analysis when it is actually subjective input wrapped in authoritative formatting, increasing the risk of misleading financial decisions.

Intent-Code Divergence

Medium

Confidence: 91% confidence
Finding: The module-level documentation describes an objective 8-indicator bubble evaluation for U.S. equities, but the indicators and scoring criteria are mostly qualitative heuristics such as media attention and anecdotal mass participation. In a financial-decision support context, this mismatch can misrepresent subjective judgment as rigorous analysis and cause users or downstream agents to place undue trust in the result.

Vague Triggers

Medium

Confidence: 79% confidence
Finding: The trigger conditions are broad enough to activate on ordinary investing, valuation, entry-timing, and profit-taking questions, not just bubble analysis. In practice this can route users into a high-stakes market-timing framework in situations where a narrower, more neutral response would be safer, increasing the chance of overconfident or unsuitable advice.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill gives concrete investment and short-selling recommendations, including risk budgets, position reductions, and short-entry guidance, without a clear warning that the output is not personalized financial advice and may cause losses. Because short-selling and tactical de-risking are high-risk actions, users may treat these instructions as actionable recommendations despite lacking suitability, jurisdictional, or risk-capacity assessment.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The referenced section gives concrete profit-taking, stop-loss, position-sizing, and short-selling instructions that could be acted on directly by end users, yet it does not include any prominent warning about financial risk, suitability, uncertainty, or potential losses. In a skill explicitly designed to support practical investment decisions and profit-taking timing, this omission increases the chance that users treat the content as prescriptive financial advice and suffer avoidable losses.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: This reference provides concrete trading actions such as stopping entries, immediate profit-taking, and recommending shorts based on a score, but it does not include any warning that the content is educational only and not individualized financial advice. In an agent skill context, these concise operational rules are likely to be surfaced as actionable recommendations, which can cause users to make real-money decisions without understanding suitability, risk tolerance, or loss potential.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal