Quant Architecture Review

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese checklist skill for reviewing quantitative trading system architecture, with no code execution, credentials, persistence, or data access.

Safe to install as a general architecture-review aid. Users should treat its output as checklist-style guidance, confirm that ambiguous prompts are actually about quantitative system architecture, and independently validate recommendations before applying them to real trading systems.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger phrases are broad conversational terms such as '检查设计', '优化架构', and especially 'XX环节有问题', which can match ordinary discussion and cause the skill to activate unintentionally. Unintended activation can override a more appropriate skill or inject irrelevant architecture-review behavior into unrelated user requests, reducing reliability and potentially causing incorrect guidance.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal