Vergi Takvimi Tr

Security checks across malware telemetry and agentic risk

Overview

This is a Turkey-specific tax calendar reference skill made of markdown files, with no code or privileged behavior.

Safe to install from an agent-security perspective. Use it only for Turkish tax/SGK reference questions, confirm jurisdiction when the user asks generically, and verify current deadlines or obligations with official Turkish sources or a qualified accountant before acting.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger scope is broad enough that the skill may activate for general tax-related questions without clearly narrowing to Turkish tax calendar and filing-deadline use cases. This can cause misrouting, user confusion, or jurisdictionally incorrect guidance if the user intended another country, though it does not by itself create direct code-execution or data-exfiltration risk.

Natural-Language Policy Violations

Medium

Confidence: 78% confidence
Finding: The skill is explicitly specialized for Türkiye and Turkish tax obligations, but the metadata does not clearly state how the agent should behave when the user's locale or preferred language differs. In practice this can lead to the skill being selected for users who ask generic tax-calendar questions and receiving advice tied to the wrong legal jurisdiction or language expectations.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal