Security audit

Bookkeeping Reconciliation Helper

Security checks across malware telemetry and agentic risk

Overview

This appears to be a documentation-only bookkeeping reconciliation helper with no hidden execution, though its broad auto-invocation wording could route general finance conversations into it.

Install this only if you want help with bookkeeping reconciliation workflows. Because it may activate on broad finance-related requests, review its output before applying it to real records, and avoid sharing unnecessary account numbers, credentials, or full raw financial exports.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (9)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger phrases are broad and generic enough that the skill may activate for loosely related finance, software, or workflow requests without clear user intent. In an agent system, ambiguous activation can cause the wrong skill to take control, increasing the chance of inappropriate data handling, confusion, or unintended guidance in contexts involving sensitive financial records.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger phrases are broad, generic, and partially templated in a way that could cause the skill to activate for loosely related finance or workflow requests. In an agent environment, unintended invocation can route sensitive bookkeeping or accounting tasks into this skill when the user did not explicitly request it, increasing the chance of inappropriate data handling or mistaken task execution.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The manifest description uses very broad activation terms such as "software-and-data," "bookkeeping," and general requests for workflows, analysis, or implementation support. In systems that auto-select skills from natural-language descriptions, this can cause the skill to activate for loosely related requests, increasing the chance of misrouting, unintended prompt injection exposure from attached skill content, or interference with a more appropriate specialized skill.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger examples use commonplace phrasing like "Help me" and "I need a practical workflow" combined with only loosely scoped finance language. This makes accidental invocation more likely in ordinary bookkeeping conversations, which can lead to overbroad skill selection, confusion in agent routing, and increased exposure to any harmful or low-quality instructions embedded in the skill.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The activation description is broad and mixes a wide set of business domains and output types, which can cause the skill to trigger outside the user's actual intent. In an agent environment, overbroad routing can expose unrelated user context to the skill and produce finance-specific guidance when it was not requested, increasing mis-execution risk.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger section provides only positive keywords and example phrases, without exclusions, disambiguation rules, or negative examples. This makes accidental invocation more likely, especially for common terms like receipts or bookkeeping, which may appear in broader conversations and cause unintended skill selection.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The default prompt contains a broad natural-language trigger phrase tied to common bookkeeping and finance requests, which increases the chance the skill will activate in ordinary conversations where the user did not explicitly request it. In a finance workflow, unintended invocation can cause irrelevant guidance, unintended data handling, or over-collection of sensitive accounting context from users discussing invoices, receipts, or bank activity.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: Enabling implicit invocation without tight trigger constraints allows the system to auto-route bookkeeping-related conversations into this skill based on ambiguous language. Because the skill targets financial operations, accidental invocation may expose sensitive transactional context or cause the assistant to apply specialized workflows when the user only intended general discussion.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger sentences are malformed and overly broad, which can cause the skill to activate in situations that do not actually require bookkeeping reconciliation support. In an agent system, ambiguous activation increases the chance of unintended invocation, irrelevant handling of user requests, or prompt-routing confusion that could expose unrelated context or degrade task safety.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal