A股财务建模助手

Security checks across malware telemetry and agentic risk

Overview

This skill is a financial-modeling instruction file with disclosed, purpose-aligned behavior and no hidden executable, credential-seeking, persistent, or destructive components.

Install this if you want help drafting A-share financial models or valuation workbooks. Verify all financial data, assumptions, formulas, and valuation outputs before relying on them, and consider narrowing trigger phrases if you use other finance-related skills.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger condition says users can invoke the skill with phrases like '建财务模型' or 'DCF估值' '等', without defining a clear boundary. That can cause the skill to activate for loosely related finance conversations, increasing the chance of unintended data handling, misleading model-building behavior, or inappropriate use in contexts where the user did not explicitly request spreadsheet/model generation.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: Several trigger phrases are broad and overlap with ordinary financial discussion, such as general valuation or comps analysis requests. In an agent environment, broad triggers can misroute conversations into this skill unexpectedly, leading to unnecessary access to financial-data workflows, generation of authoritative-looking valuation outputs, or execution of complex modeling steps without sufficient user confirmation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal