Currency Converter

Security checks across malware telemetry and agentic risk

Overview

This appears to be a purpose-aligned financial data lookup skill, with only minor risk of being invoked too broadly for currency-related terms.

Install this if you want financial market or exchange-rate lookup assistance. Be aware that broad currency terms may invoke it in finance-adjacent conversations, and verify any financial data before making decisions because this skill appears to rely on external market-data sources.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger keywords are broad, generic currency terms such as '美元', '人民币', and '汇率', which are likely to appear in normal user conversation outside explicit tool invocation. This can cause unintended skill activation, leading to user confusion, incorrect routing, or accidental disclosure of financial-context inputs to the skill when another capability was intended.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal