Trump Daily Report

Security checks across malware telemetry and agentic risk

Overview

This skill openly creates a Trump-related market news report, saves local report history, and posts it to a configured Feishu group as part of its stated purpose.

Install only if you are comfortable with generated reports being saved locally and sent to the configured Feishu group. Set memory_path to a dedicated folder, verify feishu_group_id before scheduled use, and review organizational policy for using r.jina.ai or other third-party news fetch paths.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs the agent to persist generated reports to local storage and send them to an external Feishu group, but it provides no consent, visibility, or safety gating around retention and transmission. In context, the report aggregates external content and historical memory, so automatic saving and outbound messaging can leak sensitive prompts, operational metadata, or user-derived analysis to disk and third-party channels without the user's awareness.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal