Security audit

Invoice Generator

Security checks across malware telemetry and agentic risk

Overview

This is a simple Markdown invoice-writing skill, but invoices may include sensitive payment details if the user provides them.

Install if you want help drafting invoices, but avoid entering full bank account or routing numbers unless truly required. Prefer payment links, masked details, or placeholders, and review the invoice before sharing it with clients or third parties.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly requests and reproduces sensitive financial and personal data, including addresses, email, payment information, bank name, account number, and routing number, but provides no warning, minimization guidance, or safer handling instructions. In an LLM workflow, this increases the chance that users disclose unnecessary PII/financial data into prompts, logs, histories, or downstream systems where exposure could enable fraud, privacy violations, or account compromise.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.