Ksef Accountant En

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only KSeF accounting reference skill; it discusses sensitive financial workflows but does not install or run code and repeatedly requires user control for credentials and production actions.

Install as a reference skill, not as an autonomous accounting operator. Use demo KSeF endpoints for testing, configure production tokens only if the platform shows the variables as protected secrets and enforces manual invocation, and require human accounting review before any production invoice, payment, VAT, or record-changing action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 89%
Finding
The examples include fields for PESEL and bank account numbers, which are sensitive data types in this accounting context. Even though the values appear illustrative, the file does not clearly warn users not to paste real personal or banking data into examples, which can encourage unsafe copying patterns or accidental disclosure in logs, test fixtures, or documentation reuse.

VirusTotal

64/64 vendors flagged this skill as clean.
