Back to skill

Security audit

Super Finance Knowledge Base

Security checks across malware telemetry and agentic risk

Overview

This is a lightweight reference-only finance knowledge-base skill with no executable code, credentials, persistence, or hidden data access.

Install only if you want a bilingual reference framework for finance knowledge-base organization. Treat any generated financial, legal, regulatory, or insurance content as draft guidance requiring qualified human review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger keywords are broad, generic enterprise terms such as 'knowledge management,' 'document management,' and 'semantic search,' which can cause the skill to activate for many unrelated user requests. Over-broad routing increases the risk of misapplication, unintended disclosure of internal context, or unsafe reliance on a domain-specific skill outside the user's intended scope.

Natural-Language Policy Violations

Medium
Confidence
87% confidence
Finding
A Chinese-priority language policy without user opt-in can override user intent and lead to responses in an unexpected language, which is especially risky in financial and regulatory contexts where precision matters. This can degrade usability, cause misunderstanding of compliance content, and increase the chance of incorrect downstream decisions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.