Back to skill

Security audit

Wyckoff Analysis AShare

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only A-share analysis skill whose online lookups and portfolio-style recommendations match its disclosed purpose, but users should treat its outputs as financial analysis rather than trading authority.

Install only if you want A-share-focused online market analysis. Avoid sharing portfolio details you consider sensitive, expect stock symbols and event dates to be looked up through public financial sources, and review any generated Python chart code before running it. Treat buy/sell/rotation suggestions as informational analysis, not financial advice or trading authorization.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The manifest advertises automatic scenario detection and broad behavior without clear trigger boundaries, which can cause the skill to activate in contexts the user did not explicitly request. In a financial-analysis skill, this increases the chance of unsolicited investment guidance, unintended tool use, and overcollection of sensitive portfolio data.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
The metadata presents the skill in Chinese only and does not indicate that language choice depends on user preference. This can mislead or exclude users, and in a finance context it may cause misunderstanding of recommendations, risk disclosures, or trading-session constraints.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to perform联网查询 and targeted external searches based on user-provided context without disclosing that external requests may occur. This is dangerous because user inputs, market interests, or sensitive trading context can be transmitted to third-party services unexpectedly, creating privacy and confidentiality risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill mandates processing uploaded CSVs, holdings, cash information, and images without warning users that potentially sensitive financial data will be handled. This is risky because portfolio composition, cost basis, and screenshots may contain confidential investment information, and users are not given a chance to consent, redact, or limit processing.

Natural-Language Policy Violations

Medium
Confidence
80% confidence
Finding
Forcing all time references into Beijing time without user opt-in can misinterpret user intent and produce materially wrong trading guidance, especially for users in other regions or discussing other markets. While not a classic exploit primitive, it is a safety-relevant policy flaw that can lead to incorrect actions based on misunderstood timing.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
Mandating a Chinese persona-style response and Chinese-only annotations without offering a language choice can cause misunderstanding of financial analysis and reduce informed user control. In a trading-oriented skill, comprehension failures can have real-world consequences even if the issue is primarily usability and consent-related.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.