Risk Manager

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only finance risk-management skill and does not request credentials, code execution, account access, or persistence.

Before installing, treat outputs as financial decision support rather than trading instructions. Review any position sizing, stop-loss, hedge, or drawdown recommendation yourself or with a qualified adviser before acting on it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The description and activation guidance use broad terms such as 'use proactively for risk assessment' and 'working on risk manager tasks or workflows,' which can cause the skill to be invoked in loosely related contexts without clear boundaries. This is not inherently malicious, but over-broad activation can lead to inappropriate routing, unnecessary exposure of portfolio-related context, or overreliance on this skill when a more specialized skill would be safer or more accurate.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal