Bank Compliance Review

Security checks across malware telemetry and agentic risk

Overview

This is a text-only banking compliance checklist skill with no executable behavior, but its broad triggers and sensitive KYC/AML use cases deserve care.

Install this only if you want a conversational bank-compliance review assistant. Avoid entering unnecessary real customer, account, ownership, sanctions, or transaction details, and consider narrowing the triggers so ordinary compliance conversations do not invoke it unintentionally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger list contains very broad phrases such as “合规审查”, “合规审核”, and “合规检查”, which are likely to activate on ordinary compliance-related conversations outside the narrow banking context. This can cause the skill to be invoked unexpectedly, increasing the chance of misrouting sensitive requests and providing domain-specific guidance in contexts where it is not appropriate.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger list contains very broad terms like compliance review, AML, KYC screening, and compliance risk that are likely to appear in ordinary banking conversations. This can cause unintentional invocation of the skill in contexts involving sensitive regulatory or customer-review workflows, increasing the chance of confusing handoff, unauthorized processing expectations, or accidental exposure of regulated content to the wrong skill.

VirusTotal

VirusTotal findings are pending for this skill version.
