Security audit

Invoice & Expense Categoriser (HMRC)

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only bookkeeping helper for categorising UK expenses, with no executable code, credential requests, or hidden data movement.

Safe to install from a security perspective. Treat outputs as bookkeeping guidance, not professional tax advice; avoid pasting unnecessary personal identifiers, full account numbers, card details, or customer data, and verify complex or borderline tax treatment with an accountant before filing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Autonomous Decision Making

Medium
Category: Excessive Agency
Content
## Common Categorisation Rules

Apply these rules automatically. Do not ask the user — just categorise correctly and note it:

### Never Deductible (Disallowed)
- **Client meals and entertaining** — sole traders cannot deduct business entertainment
Confidence: 83%
Finding: Do not ask the user

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.