Business Analyst Pro

Security checks across malware telemetry and agentic risk

Overview

This is a business analytics skill with sensitive finance inputs, but the reviewed artifacts do not show hidden data sending, destructive actions, or automatic privileged behavior.

Review the shell scripts before running them, and expect installation to need repair because .env.example is absent and the bundled scripts fail syntax checks. Treat config.yaml as sensitive because it can contain revenue, margins, CAC/LTV, investor contacts, and business plans. Only enable external integrations or memory/storage features with scoped credentials and clear retention rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (12)

Missing User Warnings

Medium
Confidence: 92%
Finding
The README explicitly instructs users to execute install and smoke-test shell scripts from the package and user home directory without explaining what those scripts do, what files they modify, or what privileges they require. In a supply-chain context, encouraging blind execution of bundled shell code increases the risk of arbitrary command execution, persistence, or unintended system changes if the package is tampered with or poorly written.

Vague Triggers

Medium
Confidence: 87%
Finding
Trigger phrases that resemble common conversational requests can cause unintentional invocation of the skill during ordinary discussion, leading the agent to switch into finance-analysis mode without clear user intent. In a business context this can expose or transform sensitive financial inputs unexpectedly, create confusing automation, and increase the prompt-routing abuse surface.

Vague Triggers

Medium
Confidence: 86%
Finding
KPI triggers phrased as broad business-health questions are ambiguous and can overlap with normal conversation, increasing the chance of accidental mode activation. That raises privacy and integrity risk because the skill may interpret surrounding context as structured business data or generate authoritative-seeming KPI outputs without deliberate user initiation.

Vague Triggers

Medium
Confidence: 84%
Finding
Comparison-mode phrases like generic requests to compare periods are common in ordinary analytical chat and may collide with unrelated discussion. This can trigger unintended extraction and comparison of financial context from prior messages, which is risky in a skill designed to operate on potentially sensitive business metrics.

Vague Triggers

Medium
Confidence: 90%
Finding
The quick-start phrase 'что улучшить?' is extremely broad and likely to appear in many benign conversations, making accidental invocation especially likely. Because the skill produces prescriptive business recommendations, unintended activation can lead to misuse of sensitive context and overconfident advice in the wrong setting.

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger list contains very generic business phrases such as "Build a financial model," "Analyze our P&L," and "Budget review," which are likely to overlap with ordinary user requests. That can cause unintended skill activation, routing sensitive financial conversations into this skill without clear user intent, increasing the chance of inappropriate data collection or workflow hijacking.

Vague Triggers

Medium
Confidence: 71%
Finding
The skill description presents very broad generation abilities with no clear invocation boundaries, which can cause the agent to activate in unintended contexts and produce outputs outside the expected business-analytics domain. In a multi-skill environment, vague triggering and unconstrained capability claims increase the risk of overreach, accidental handling of sensitive uploaded data, and confusing or unsafe task selection.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger is effectively just a common word meaning 'dashboard', which is highly likely to appear in ordinary user requests unrelated to this specific skill. That creates unintended activation risk, causing the skill to intercept general conversations and steer outputs in ways the user did not explicitly request.

Vague Triggers

Medium
Confidence: 91%
Finding
The example library repeatedly uses very generic trigger phrases such as "дашборд", "воронка", "финмодель", and similar single-term invocations. In a skill system that routes or activates behavior based on prompts, such broad keywords can cause accidental invocation from ordinary business conversations, producing unintended tool behavior or misrouting user input.

Vague Triggers

Medium
Confidence: 88%
Finding
The example relies on a very generic trailing trigger term like "дашборд" after free-form business data, without defining strict invocation boundaries or a reserved command format. In systems that route on fuzzy matching, such broad activators can cause unintended skill activation on ordinary business conversations or pasted financial data, increasing the chance of accidental processing of sensitive company information.

Vague Triggers

Medium
Confidence: 86%
Finding
The scenario activators "unit экономика" and "финмодель" are also underspecified and composed of common business terms that may appear in normal user messages. If the host agent uses broad matching, these phrases can unintentionally launch the skill on sensitive finance content, leading to misrouting, over-collection, or disclosure of internal metrics to the wrong workflow.

Missing User Warnings

Medium
Confidence: 91%
Finding
The installer creates a target directory under the user's home directory and copies multiple files into it immediately, without any confirmation prompt, dry-run mode, or explicit warning before making changes. While this is common installer behavior and not inherently malicious, it still modifies the filesystem in a user-controlled location and could surprise users or defy their expectations if they pass an unintended target path.

VirusTotal

66/66 vendors flagged this skill as clean.
