Startup Financial Model

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only startup financial modeling skill that may handle sensitive company finance inputs but shows no hidden code, automation, credential use, or persistence.

Install only if you are comfortable using an assistant for startup financial modeling. Treat cash balances, revenue, payroll, fundraising, and investor materials as confidential; share only the minimum needed and review any exported CSV, Sheets, or JSON before sending it outside your organization.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill explicitly instructs users to collect and export sensitive startup financial data, including cash balances, revenue, headcount costs, and fundraising assumptions, but provides no confidentiality notice, minimization guidance, or handling restrictions. In an agent setting, this increases the risk that proprietary financial information is over-collected, exposed in outputs, or shared to downstream tools such as Sheets/CSV exports without the user appreciating the sensitivity.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal