Back to skill

Security audit

Chart Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent ChartGen integration that sends confirmed prompts and selected spreadsheet files to ChartGen to create charts and reports.

Install only if you are comfortable using ChartGen as an external processor for the prompts and spreadsheet files you choose to submit. Avoid sending confidential, regulated, or third-party data unless you have approval, keep the ChartGen API key private, and verify any CHARTGEN_API_URL override before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill instructs the agent to send user request text and uploaded spreadsheet files to an external ChartGen API, but it does not clearly warn the user that their data will leave the host environment. This creates a real privacy and data-governance risk, especially for sensitive spreadsheets, cross-file analysis, and potentially proprietary business data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.