Back to skill

Security audit

Bank Compliance Review

Security checks across malware telemetry and agentic risk

Overview

This is a text-only banking compliance assistant with no executable code or hidden data access, but users should avoid pasting unnecessary sensitive customer details.

Install only if you need banking compliance review support. Use anonymized or minimum-necessary customer, transaction, and shareholder information unless your organization has approved sharing the exact data with the agent environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list contains very broad compliance-related phrases such as 合规审查/合规检查/监管报告 that are likely to match ordinary user conversations far beyond the intended banking context. Over-broad activation can cause the skill to engage unexpectedly in unrelated workflows, increasing the chance that sensitive regulatory, customer, or transaction data is routed into this skill without deliberate user intent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The usage templates explicitly ask users to paste KYC, AML, transaction, cross-border, shareholder, and agreement details, which are likely to contain personal, financial, and regulated data. Although there is a general disclaimer later, the usage section itself lacks a prominent data-minimization, redaction, and authorized-use warning, making accidental oversharing of sensitive customer information more likely.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list contains generic compliance-related phrases such as 合规审查, 合规审核, and 反洗钱 that are likely to appear in ordinary user conversations, increasing the chance of unintended skill activation. In a banking/compliance context, accidental invocation can route sensitive regulatory, KYC, or AML discussions into this skill without clear user intent, creating privacy, workflow, and trust risks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.