Security audit

Payroll

Security checks across malware telemetry and agentic risk

Overview

This is a payroll guidance skill made of markdown and JSON only, with no executable code or hidden access, but users should treat payroll data carefully.

Install only if you want payroll checklist and explanation assistance. Do not paste full Social Security numbers, bank account details, complete tax notices, or unnecessary employee records into chat, and verify payroll calculations, filings, deadlines, classifications, garnishments, and final-pay obligations with payroll software, official agency guidance, an accountant, or counsel before acting.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list contains broad, common terms such as "payroll," "W-2," and "1099" that may appear in many ordinary conversations, increasing the chance the skill is invoked when the user did not explicitly intend to use it. In a payroll skill, unintended activation can surface sensitive employment, tax, or compensation guidance in the wrong context and may interfere with routing to more appropriate skills.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal