Geneva Tax Advisor

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a Geneva tax-filing guide, but it includes advice that could lead users to misstate work-from-home facts on a tax return.

Review carefully before installing. The skill appears low-risk from a software execution perspective, but do not rely on its work-from-home and meal-deduction shortcut; only report facts that match your actual working pattern and verify uncertain Geneva tax rules with official guidance or a qualified tax professional.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Natural-Language Policy Violations

High

Confidence: 99% confidence
Finding: The line explicitly advises the user to declare commuting to the office every day when they actually work from home part-time, in order to preserve meal deductions. That is guidance to misrepresent facts on a tax return, which can facilitate tax fraud, expose users to penalties or audits, and create legal and reputational risk for the skill provider.

Ssd 4

Medium

Confidence: 97% confidence
Finding: The wording reframes non-eligibility for a home-office deduction as a tactic to retain other deductions by claiming office presence every day, which is misleading if not true. In a tax-advice skill, this context makes the issue more dangerous because users may rely on it as authoritative filing guidance and submit inaccurate declarations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal