Back to skill

Security audit

Tax Professional

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent tax assistant, but it handles sensitive tax data and includes persistent Telegram reminder commands without enough consent and privacy controls.

Review this skill carefully before installing. It may read personal profile context, store tax and expense records in the workspace, reference other skills' financial data, and set up Telegram tax reminders if those commands are run. Use it only if you are comfortable with that data handling, avoid enabling Telegram cron reminders unless you explicitly want them, and verify important tax decisions with current IRS guidance or a qualified tax professional.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to create Telegram cron jobs, which adds an outbound messaging capability beyond local tax advice and expense tracking. This can persistently message an external channel and create side effects without an explicit per-action user confirmation flow, increasing the risk of unwanted notifications or abuse of external integrations.

Context-Inappropriate Capability

Low
Confidence
81% confidence
Finding
The skill directs the agent to verify tax rules via IRS or current-year web searches, which expands behavior from local analysis into network access. While reasonable for tax accuracy, it introduces the risk of unintended external requests, data leakage through query terms, and dependence on live content not controlled by the user.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The skill is written to react whenever a user mentions purchases, expenses, or tax-related situations, which is broad enough to trigger on ordinary conversation. In practice this can cause over-collection, unsolicited advice, or unintended logging of financial data when the user did not mean to invoke persistent tax tracking behavior.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly stores expense records to persistent JSON files but does not present a clear user-facing privacy notice about what financial data will be retained, for how long, or who can access it. Because tax expenses can reveal employment, health, travel, and business information, silent persistence increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The instruction to read USER.md for employment type, location, filing status, and personal context causes the skill to access sensitive personal data without an explicit privacy warning or consent boundary in the skill itself. This expands access to user context that may not be necessary for every interaction and can lead to privacy surprises.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.