Back to skill

Security audit

CFO Global Super Expert System

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed CFO-oriented router for finance-related sub-skills and does not show hidden exfiltration, destructive actions, credential use, or persistence.

Installers should understand that this skill is an aggregator: it may load other installed finance-related skills and rely on their instructions or scripts. Use it when you want that broad CFO workflow, and review the underlying sub-skills before relying on outputs for investment, legal, audit, or compliance decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The skill is presented as a CFO advisory system, but it also acts as a router, enumerator, and loader for other installed skills and local skill files. That mismatch can cause users or platform controls to trust it as a narrow business-analysis tool while it actually expands reach into local skill inventory and orchestration behavior, increasing attack surface and enabling unexpected data or capability discovery.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The routing table uses broad, common finance keywords such as 'market', 'industry', 'valuation', and 'audit', which can cause over-triggering and unintended activation of this composite skill. In a multi-skill environment, that increases the chance of pulling in unnecessary sub-skills, reading extra files, or invoking scripts based on weak keyword matches rather than clear user intent.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The instruction to 'automatically route user requests to the most appropriate sub-skill' lacks clear constraints, approval steps, or fallback rules. Because the skill is an aggregator that can load other skills and scripts, unconstrained auto-routing makes accidental or excessive capability invocation more likely and weakens the user's ability to predict what will execute.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.