Excel Finance

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a simple Excel-finance helper with no evidence of credential access, persistence, network activity, or destructive behavior.

Treat this version as a lightweight demo or placeholder rather than a full Excel automation tool. Before relying on it for real financial work, verify that any future version actually creates files and choose explicit output paths to avoid overwriting important spreadsheets.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger set is broad and generic for common finance and spreadsheet tasks, which increases the chance the skill is invoked for ordinary user requests that did not specifically intend to use this skill. Unintended invocation can cause overreach, unexpected file generation, dependency use, or exposure to unreviewed skill behavior in routine finance workflows.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal