Security audit

InvoiceGen

Security checks across malware telemetry and agentic risk

Overview

InvoiceGen is a local invoicing helper whose sensitive file use is disclosed and aligned with creating invoices.

Install only if you are comfortable keeping client records, invoice history, payment instructions, and tax details in local workspace files. Prefer payment links or references over full bank account numbers or unredacted tax IDs, restrict file permissions, keep the invoices directory out of git, and review the included Playwright PDF script before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 89%
Finding: The example activation phrase is very broad and resembles ordinary billing-related conversation, which can cause unintended invocation during normal user dialogue. In a financial/invoicing skill, accidental triggering can create draft invoices, client records, or email content from sensitive business context without clear user intent.

Vague Triggers

Low
Confidence: 80%
Finding: The setup instruction is ambiguous because it tells the assistant to initialize from another file without a clearly delimited activation pattern or scoped command. This can lead to accidental execution of setup behavior or unintended processing of setup instructions when the text is referenced conversationally.

Missing User Warnings

Medium
Confidence: 93%
Finding: The skill explicitly asks the user to provide sensitive business and payment details, including bank transfer information and tax identifiers, but does not clearly warn how this data will be stored, who can access it, or the privacy risks of placing it in workspace files. Because the prompt also indicates these details will be written into local JSON files, users may disclose high-value financial information without informed consent or proper minimization.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.prompt_injection_instructions

Prompt-injection style instruction pattern detected.

Warn
Code: suspicious.prompt_injection_instructions
Location: SKILL.md:4