学术人员邮箱批量搜索工具

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill does what it says: searches for academic email addresses from a spreadsheet and writes results back, with privacy, accuracy, and overwrite risks users should manage.

Use this on a copy of the spreadsheet, confirm you are allowed to process and search the people list, and manually review matches before relying on the filled addresses, especially for common names.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill describes modifying the Excel file but does not clearly warn that the operation may overwrite user data in place. In an agent setting, this can cause silent destructive changes to user files, especially when the user expects a non-destructive enrichment workflow.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The quick-start text instructs the agent to overwrite-save /tmp/target.xlsx without any explicit user warning or confirmation. This is dangerous because agents may execute the workflow literally, causing irreversible loss of prior spreadsheet content or corruption of the only copy.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal