Back to skill

Security audit

Chart AI

Security checks across malware telemetry and agentic risk

Overview

ChartGen is a coherent cloud chart and data-analysis skill, but users should understand that confirmed requests and selected spreadsheet files are sent to ChartGen.

Install only if you are comfortable using ChartGen's cloud service for chart and spreadsheet analysis. Use a dedicated ChartGen API key, verify any CHARTGEN_API_URL override, and avoid uploading confidential or regulated spreadsheets unless ChartGen's terms and privacy practices are acceptable to you.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The activation conditions are very broad, covering generic visualization, analysis, reporting, spreadsheet upload, and even any mention of ChartGen. This can cause the skill to activate for many ordinary user requests and file uploads, increasing unnecessary exposure of user prompts and local file data to an external API.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This code transmits user query text and the full contents of local spreadsheet files to a third-party service at BASE_URL, but the transmission happens silently within the helper with no built-in confirmation, consent gate, or visible disclosure at the point of upload. In an agent/skill context, that is a real data-exfiltration risk because users may assume files are processed locally while sensitive business data is sent off-host.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The helper writes service-returned images and PPTX files into local media/workspace directories without an explicit opt-in or retention controls. In an agent environment this can leave sensitive generated artifacts on disk unexpectedly, increasing exposure to other local users, later agent steps, or forensic recovery from shared workspaces.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.