xqant daily market report

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only market-report skill; the broad trigger wording is a minor scoping caution, not evidence of unsafe behavior.

Install only if you want an agent to help produce informational market summaries. Verify the market data and any referenced local files before relying on the conclusions, and treat the output as analysis rather than financial advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger conditions are broad and include an open-ended “等”/etc. pattern, which can cause the skill to activate on loosely related user requests. In an automation context, this increases the chance of unintended invocation, causing the agent to fetch market data, read referenced files, and generate financial analysis when the user did not explicitly request this exact workflow.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal