Security audit

税务策略师

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a Chinese/PRC tax-advice helper, but its activation terms are too broad for high-stakes tax guidance.

Review before installing if you expect broad business or finance assistance, because this skill may activate too easily and provide PRC-focused tax guidance. Use it only for explicit China tax questions, and verify any tax position with a qualified professional.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (6)

Vague Triggers

High

Confidence: 97% confidence
Finding: The trigger list is broad and consists of common business terms, which can cause this tax-planning skill to activate during ordinary finance discussions that did not request tax advice. In an agent system, unintended invocation can expose users to jurisdiction-specific tax guidance, create misleading authority, and override the more appropriate general assistant behavior.

Natural-Language Policy Violations

Medium

Confidence: 88% confidence
Finding: The skill is hard-coded to Chinese language and PRC tax-law context without checking the user's preferred language or legal jurisdiction. If invoked for users in other regions or multilingual contexts, it may provide inapplicable legal-tax guidance, which is especially risky because tax advice is highly jurisdiction-dependent.

Overly Broad Trigger

Low

Category: Trigger Abuse
Confidence: 92% confidence
Finding: The trigger '财务' is extremely short and generic, making accidental matches likely across many unrelated conversations about finance. This increases the chance that specialized tax-planning behavior is activated when the user did not intend to seek tax advice.

Overly Broad Trigger

Low

Category: Trigger Abuse
Confidence: 92% confidence
Finding: The trigger '分析' is so broad that it can match a very large portion of normal user requests, many of which have nothing to do with tax strategy. This can cause over-invocation of a high-authority specialist persona in contexts where its advice may be irrelevant or confusing.

Overly Broad Trigger

Low

Category: Trigger Abuse
Confidence: 90% confidence
Finding: The trigger '报表' is a common term used for many kinds of business reporting, not just tax matters. A broad trigger on such a term can misroute ordinary reporting requests into tax-optimization guidance, increasing the risk of irrelevant or inappropriate specialist responses.

Overly Broad Trigger

Low

Category: Trigger Abuse
Confidence: 90% confidence
Finding: The trigger '预算' is a generic planning term and is not sufficient to indicate tax strategy intent. In practice, it may cause this skill to activate for routine budgeting conversations, unnecessarily introducing legal-tax assumptions and jurisdiction-specific advice.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal