Security audit

Finanças Template

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed personal-finance template that stores and summarizes local finance files, with no executable code or hidden network behavior.

Install only in workspaces where you are comfortable keeping personal finance records under workspace/financas. Review each interpreted transaction before confirming, and consider narrowing activation triggers if common words like conta, total, banco, or month names would often appear outside finance tasks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 96%
Finding:
The auto-activation triggers are extremely broad and include common words like 'compre', 'conta', 'total', and month references, which can easily appear in ordinary conversation. In a finance skill that reads and updates workspace files, unintended activation can cause accidental access to sensitive financial data or unwanted modification workflows to begin.

VirusTotal

66/66 vendors flagged this skill as clean.