Back to skill

Security audit

Wise Penny

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Wise Penny financial-analysis connector with sensitive bank-data access, but its behavior is coherent with that purpose and includes user-directed limits on writes.

Install only if you want the assistant to analyze your Wise Penny financial data. Linking accounts through Wise Penny/Plaid can expose balances, transactions, account names, recurring bills, and household-circle financial details to the assistant for analysis. Review proposed organizing changes before approving them, especially deletions of goals, budgets, rules, categories, tags, or transfer links.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill is configured to activate for very broad money-related requests ('use whenever the user asks about their money'), which can cause the assistant to invoke a highly sensitive banking integration for casual finance questions that may not require bank access. In practice, this increases the chance of unnecessary collection, exposure, or processing of financial data beyond the minimum needed for the user's request.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The setup flow instructs users to sign in, start a free trial, and link bank accounts via Plaid, but does not prominently warn that highly sensitive transaction and balance data will be shared with the assistant through the MCP connection. Because this skill handles bank-account data, insufficient privacy disclosure materially increases the risk of users connecting accounts without informed consent about data exposure and retention implications.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.prompt_injection_instructions

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
SKILL.md:111