Back to skill

Security audit

Finance Data Analysis

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only finance analysis skill with no executable files, tools, persistence, credential handling, or hidden data access.

Safe to install as a reference skill, but treat its finance and regulatory material as educational guidance only. For non-finance data analysis tasks, be aware it may activate due to broad trigger terms, and verify any financial conclusions with current official sources and a qualified human reviewer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list is broad enough to match many ordinary finance and analytics requests, which can cause the skill to activate outside a narrowly intended scope. In an agent ecosystem, overbroad routing increases the chance of inappropriate delegation, user confusion, and accidental exposure of domain-specific guidance where it was not explicitly requested.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.