Back to skill

Security audit

高瓴资本投资框架

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only investment-analysis framework with broad trigger phrases, but it does not request credentials, run code, access private data, or make system changes.

Install this only if you want some finance discussions to be analyzed through a Hillhouse-style long-term investment framework. Watch for unwanted activation on generic investing terms, and do not treat its output as official Hillhouse advice, personalized financial advice, or a substitute for professional due diligence.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The activation phrases are broad enough to match ordinary investment discussion, which can cause the skill to trigger when the user did not explicitly request this framework. In an agent setting, unintended activation can bias answers, override normal routing, or inject domain-specific heuristics into unrelated financial conversations, creating reliability and safety issues.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list includes very common investment phrases such as '价值投资', '长期主义', and founder-evaluation language that can appear in many ordinary finance discussions. This can cause unintended activation and make the agent adopt a niche persona or framework when the user did not explicitly request it, leading to mis-scoped responses and reduced reliability.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation rule says the skill should activate when the user mentions any related content, but the scope of 'related' is not tightly bounded. Ambiguous auto-activation conditions increase the chance that the skill intercepts normal investment conversations and applies specialized guidance without clear user consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.