Greek Financial Statements

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a local accounting helper that handles sensitive client financial data, with disclosed access and controls aligned to that purpose.

Install only if you trust the publisher and are comfortable placing client financial records under the configured `/data` directory. Treat generated PDFs and any client-delivery command as requiring senior accountant review and approval before use, and review the `sudo apt install jq` setup step before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence: 86%
Finding
The skill states that only a senior accountant may issue statements, yet it documents commands that draft and send statements to clients without showing an approval or issuance gate. In a financial workflow, this can enable unauthorized distribution of unreviewed or draft statements, causing disclosure of inaccurate financial data and bypass of intended human oversight.

VirusTotal

53/53 vendors flagged this skill as clean.
