quote-invoice-workbench

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local quote and invoice drafting skill with disclosed draft-only behavior and no hidden network, credential, persistence, or destructive actions.

Safe to install for drafting quotes and invoices. Review all amounts, taxes, discounts, terms, assumptions, and scope exclusions before sending anything externally, and run the helper only with input and output paths you intentionally choose.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill advertises a local helper script and the static analysis detected file read/write capabilities, but the manifest does not declare any permissions or capability expectations. This creates a transparency and policy-enforcement gap: operators may approve or trust the skill without realizing it can access or produce files, increasing the chance of unintended data exposure or unauthorized file creation.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 87%
Finding: The skill description promises transformation of messy pricing notes into polished quotes, SOW items, and invoice drafts, but the analyzed behavior reportedly only handles structured JSON line items and lacks note interpretation, assumption surfacing, and document generation. This mismatch is dangerous because users may rely on outputs as if they were complete and professionally structured when the implementation omits key processing steps, causing financial errors, missing assumptions, or misuse in business workflows.

Vague Triggers

Medium
Confidence: 86%
Finding: The trigger examples include generic phrases such as "invoice draft" and "scope and quote," which are broad enough to match ordinary user requests outside the intended workflow. This can cause unintended invocation of the skill, leading to incorrect routing, unexpected file handling suggestions, or disclosure of pricing/workflow behaviors in contexts where the user did not explicitly request this tool.

VirusTotal

65/65 vendors flagged this skill as clean.
