South African Tax Article Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a local template-based tax article generator with no hidden network access, credential use, persistence, or automatic publishing behavior in the inspected artifacts.

Install this only if you want a local draft generator for tax-related articles. Review all generated SARS dates, rates, penalties, and compliance statements with official or professional sources before publishing, and treat any WordPress/webhook publishing as a separate integration that would need its own access controls.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger definitions are overly broad, including scheduled events, manual CLI execution, and optional webhooks without clear gating conditions, authentication requirements, or activation boundaries. In practice, this can allow the skill to run unexpectedly or be invoked by unintended inputs, increasing the chance of unauthorized content generation, file writes, or downstream publishing actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal