Back to skill

Security audit

Agent Tax & Ledger Compliance Playbook

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable tax-compliance guide, but it asks for sensitive payment and signing credentials and includes live, state-changing financial API examples that need careful review before use.

Review before installing or using the examples. Treat this as documentation, not safe-to-run automation. Do not provide production Stripe keys, signing keys, wallet access, or taxpayer identifiers unless you have reviewed every API call and limited the credentials to the minimum scope. Use sandbox or test credentials first, and require manual approval for any payment intent, ledger mutation, identity claim submission, or cross-agent search.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The guide states that examples use a sandbox with no API key required and that credentials are user-supplied, yet the code later hardcodes an API key and sends bearer-authenticated requests. This inconsistency can mislead operators into trusting the examples and normalizing unsafe credential handling practices, increasing the chance of accidental secret exposure or unauthorized external calls.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
This is a non-executable markdown guide, yet it declares sensitive credentials including an agent signing key and Stripe API key as required inputs. Requesting high-value secrets for documentation materially expands the attack surface because users or host platforms may provision unnecessary credentials to a skill that does not need them to render or be read.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.