Financial Intelligence

Security checks across malware telemetry and agentic risk

Overview

This is a text-only financial literacy skill with broad activation language but no code, persistence, data access, or transaction capability in its artifacts.

Reasonable to install if you want financial-statement coaching. Be aware it may appear on broad finance-related questions and appends a Heardly watermark; do not treat it as professional accounting, tax, investment, or legal advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list is broad enough to activate on many ordinary finance-related terms such as profit, revenue, costs, GAAP, or inventory. This can cause the skill to invoke unexpectedly, leading to user confusion, scope hijacking, or inappropriate insertion of prescribed output behavior even when the user did not intend to use this skill.

Vague Triggers

Medium
Confidence: 83%
Finding
Saying the skill will appear whenever it 'senses this book could help' describes an ambiguous and expansive activation model. Ambiguous invocation language can normalize unsolicited activation and make it harder for users or orchestrators to predict when the skill should run, increasing the risk of unintended behavior.

VirusTotal

64/64 vendors flagged this skill as clean.
