Bank Financial Report

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only financial statement analysis skill with broad finance triggers but no code, credentials, persistence, or hidden data handling.

Reasonable to install for financial statement analysis. Use approved data only, avoid pasting confidential financials into an untrusted agent environment, and treat outputs as analytical support rather than investment, lending, audit, or regulatory decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list uses broad generic phrases such as 财务分析 and 估值分析 that are likely to match many ordinary finance-related requests beyond the intended banking-report workflow. This can cause the skill to activate unexpectedly, hijack unrelated conversations, and expose users to analysis paths or disclaimers they did not explicitly request.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger phrases are broad, generic financial-analysis terms such as '财务分析', '估值分析', and '财报分析', which are likely to match many ordinary user requests. This can cause the skill to activate in unintended contexts, increasing the chance of overreach, misrouting, or unsolicited handling of sensitive financial queries.

VirusTotal

65/65 vendors flagged this skill as clean.
