Finance Capability Model

Security checks across malware telemetry and agentic risk

Overview

This is a simple finance capability-model reference skill with no code execution or sensitive access, though its trigger terms are broad.

Reasonable to install if you want a finance capability-model helper. Be aware it may activate on broad terms like finance capability or talent assessment, so check that its structured JSON-style framing is appropriate for the request.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger keywords are generic finance/HR terms such as '能力模型', '财务能力', and '人才评估', which can easily appear in ordinary user conversations. This creates a real risk of unintended skill activation, causing the agent to inject this skill’s structured framing into unrelated requests and potentially degrade routing accuracy or override user intent.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal