Budget Builder

Security checks across malware telemetry and agentic risk

Overview

This budgeting skill is coherent and disclosed, but it works with QuickBooks financial data and stores budget files locally.

Install only if you are comfortable using it with the intended QBO company data. Review the referenced Python script before running it, confirm QBO access is least-privilege where possible, keep generated Excel and .cache/budget-builder files out of shared or synced locations, and delete cached budget/CDC files when no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill documentation describes pulling accounting data from QBO and persisting budget and CDC files locally, but it does not prominently warn users that sensitive financial data will be stored on disk. This can lead to unintentional exposure of confidential financial information through shared workstations, backups, source-controlled directories, or insufficiently protected local files.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal