Sap Journal Auditor

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent local SAP journal-audit helper, with a minor activation-scope caveat but no evidence of hidden data transfer or unsafe behavior.

Install only if you intend to analyze SAP FI/CO journal exports. Because accounting files can contain sensitive business data, invoke it explicitly and review the generated memo and CSV before sharing them. Be aware that it stores limited run history and creates output files in the input file directory.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list includes generic phrases such as "audit journal," "SAP audit," "review postings," and "flag anomalies," which can match many ordinary finance or audit requests beyond this specific skill. Overly broad triggers can cause unintended skill activation, leading users to route sensitive financial data into this skill when they did not explicitly intend to use it.

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The trigger list includes generic phrases such as 'SAP audit', 'review postings', and 'flag anomalies' that can plausibly match routine user requests outside a narrow, explicit invocation of this specific skill. Overly broad activation can cause the skill to run on unintended inputs, exposing sensitive financial files to unnecessary processing and increasing the chance of misrouting or unauthorized analysis in multi-skill environments.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal