Security audit

cgma-finance / World-Class Financial Management System Construction Expert

Security checks across malware telemetry and agentic risk

Overview

This is a finance-report generator that creates requested documents, with no evidence of hidden code, credential access, exfiltration, or destructive behavior.

Install only if you want a skill that can generate finance whitepapers, CSV files, and presentations from your inputs. Avoid providing confidential business data unless you are comfortable with it being saved in generated files, confirm where outputs will be written, and review generated HTML/PDF content before sharing externally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Low
Confidence: 94%
Finding
The skill embeds the author's personal email address and phone number directly in the documentation, which unnecessarily exposes personal contact data to all users and downstream systems that ingest the skill. While this does not directly enable code execution, it creates privacy, spam, social-engineering, and data-handling risk unrelated to the skill's finance functionality.

Vague Triggers

Medium
Confidence: 82%
Finding
The skill advertises that mentioning unspecified 'relevant keywords' will automatically activate it, but it does not define clear boundaries, confirmation requirements, or eligibility rules. In an agent environment, broad auto-activation can cause the wrong skill to take control of a conversation and generate files or outputs the user did not explicitly request, increasing the risk of unintended actions and prompt-routing abuse.

Vague Triggers

Medium
Confidence: 84%
Finding
The instruction that users can 'directly describe your needs' to auto-trigger the skill is ambiguous and encourages activation from loosely related natural-language requests. In practice, this can cause accidental invocation, especially in mixed-domain conversations, and may lead to unreviewed generation of deliverables or overwriting the user's working context with artifacts.

Missing User Warnings

Medium
Confidence: 80%
Finding
The README describes automatic generation of multiple artifacts, including markdown, CSV, HTML, and PDF outputs, but does not clearly disclose at that point that these files are written into the session working directory. Hidden or insufficiently disclosed file writes are risky in agent systems because they can surprise users, clutter or overwrite local artifacts, and create downstream exposure if sensitive business content is saved automatically.

Vague Triggers

High
Confidence: 92%
Finding
The trigger list is extremely broad and includes generic finance phrases such as 'CGMA', 'finance system', and 'financial transformation', making accidental or overly frequent invocation likely. In this skill's context, broad triggering is more dangerous because the workflow later instructs automatic multi-file generation and delivery, potentially causing unintended actions, resource use, or disclosure of generated artifacts when a user only asked a general finance question.

Missing User Warnings

Medium
Confidence: 97%
Finding
The workflow specifies automatic creation of multiple files in a concrete local filesystem path and final delivery, but the skill description does not clearly warn users about these side effects up front. This reduces informed consent and can lead to unexpected local writes, path assumptions, or unreviewed artifact generation, especially when combined with broad triggers.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.