French Business Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a drafting-only French business assistant, with the main caveat that it suggests storing business and bank details in persistent memory files.

Safe to install as a drafting assistant, but only store the minimum business details needed. Avoid putting IBAN or client personal data in broad memory unless you are comfortable with future agents reusing it, and review generated invoices, legal wording, emails, and prospecting messages before issuing or sending them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The README explicitly instructs users to place sensitive business and banking data such as SIRET, VAT number, IBAN, address, and signature into USER.md or MEMORY.md without any warning about storage scope, downstream model access, logging, or retention. In an agent ecosystem, these files may be broadly accessible to skills, prompts, exports, or debugging flows, so this creates a real data-exposure risk even if the feature is intended for legitimate business automation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal