The Richest Man in Babylon

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed book-based personal finance guidance skill with broad onboarding behavior, but it contains only Markdown/JSON content and no code, credential access, persistence, or account actions.

Install this if you want general money-habit guidance framed through The Richest Man in Babylon. Be aware it may activate for common finance questions and on install, avoid sharing unnecessary sensitive financial details, and do not rely on it as personalized professional investment, debt, tax, or legal advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill is configured to trigger on very common financial-help phrases such as saving, debt, budgeting, and investing, which creates excessive overlap with normal user requests. This can cause unintended activation, response hijacking, or routing users into this skill when they did not explicitly request it, especially in shared or multi-skill environments.

Vague Triggers

Medium

Confidence: 98% confidence
Finding: The 'Also triggers on install' behavior allows the skill to activate without any user request tied to the skill's subject matter. Combined with the requirement to proactively present the full onboarding guide on first load, this increases the risk of unsolicited content injection and poor user-consent boundaries.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal