Bank Reconciliation Agent

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only bank reconciliation skill that needs sensitive financial files but does not run code, collect credentials, or change bank/accounting systems on its own.

Install only where handling bank statements and ledger exports is approved. Share the minimum needed files, redact full account numbers and unrelated PII where possible, never provide banking credentials, and have a qualified reviewer approve matches and journal entries before posting them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly asks users to upload bank statements and general ledger exports, which commonly contain highly sensitive financial and identifying data, but it provides no privacy notice, minimization guidance, or handling restrictions. In this context, the omission increases the risk of unnecessary disclosure, oversharing, and improper downstream storage or processing of confidential business financial records.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal