Back to skill

Security audit

1688 Common Html Report Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent local HTML report generator, with the main caveats that generated reports load a public charting library and can include raw HTML.

Install this for generating local HTML dashboards from data reports. Avoid feeding it untrusted report text unless you sanitize the output, and consider replacing the CDN script with a local pinned ECharts copy if reports will be opened offline or shared broadly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs the agent to read arbitrary user-provided files and create executable Python scripts that write outputs, but it does not declare corresponding permissions. This mismatch weakens security review and runtime policy enforcement because consumers may treat the skill as lower-risk than it actually is.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The template loads ECharts from a third-party CDN at runtime, which adds an external trust dependency to an otherwise local report artifact. If the CDN, upstream package, or network path is compromised, opening the generated HTML could execute attacker-controlled JavaScript in the user's browser.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
A report generator is expected to produce self-contained output, but this template requires network access to fetch executable JavaScript from cdnjs. That expands the attack surface, leaks usage metadata when reports are opened, and creates reliability and supply-chain risks unrelated to the core skill purpose.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The manual explicitly exposes a raw HTML passthrough primitive with no warning or sanitization guidance. In an HTML report generator, this can enable script injection, malicious markup, or unsafe event handlers if any portion of the HTML comes from untrusted or semi-trusted input, leading to XSS or integrity compromise of generated reports.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.