Financial Overview

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only finance summary skill that clearly retrieves sensitive business financial data for a matching financial overview request.

Install only if you trust the Norman Finance MCP server and are comfortable with the agent displaying balances, recent transactions, invoices, and tax information in the chat. For ambiguous requests, ask the agent to limit the scope before it retrieves a full overview.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 84%
Finding
The description is broad enough to trigger on generic requests like 'summary' or 'how is my business doing?', which can cause the skill to activate and aggregate highly sensitive financial data when the user did not clearly request a full financial disclosure. In a finance context, over-broad routing increases the chance of unnecessary exposure of balances, transactions, invoices, and tax information.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs the agent to collect and present a consolidated view of multiple sensitive financial datasets without first warning the user or confirming that such broad aggregation is desired. Aggregating balance, transactions, invoices, and tax obligations in one response materially increases privacy and confidentiality risk if triggered in the wrong context or shown to an unintended viewer.

VirusTotal

66/66 vendors flagged this skill as clean.
