Spreadsheet Engineering

Security checks across malware telemetry and agentic risk

Overview

This is an educational spreadsheet-engineering skill with relevant examples, though users should review automation snippets before running them on real data.

This skill is reasonable to install for spreadsheet design and automation help. Before running any generated or copied Apps Script/VBA, test it on a copy, verify email recipients and data sensitivity, keep a backup or version snapshot, and add confirmation or dry-run behavior before deleting or moving rows.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill includes ready-to-use automation examples that send email and delete or archive rows, but it does not prominently warn users that these actions transmit spreadsheet data externally or irreversibly modify data. In a skill intended to help users build spreadsheet automations, such examples are contextually relevant, but without safety guardrails they can be copied into production and cause accidental data leakage or destructive changes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal