Back to skill

Security audit

ChartGen

Security checks across malware telemetry and agentic risk

Overview

ChartGen is a disclosed external charting and data-analysis integration, but users should avoid sending sensitive files unless they trust ChartGen.

Install only if you are comfortable sending confirmed prompts and selected spreadsheet data to ChartGen for processing. Use a ChartGen-specific API key, avoid uploading sensitive or regulated data unless permitted, and be cautious with any CHARTGEN_API_URL override because the helper can also download result files from URLs returned by the service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares access to an environment variable (CHARTGEN_API_KEY) via metadata but does not declare corresponding permissions, creating a mismatch between documented capabilities and the permission model. This weakens reviewability and can cause agents to grant or use sensitive configuration access without explicit approval.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to use background execution or cron-style polling, which introduces persistence and scheduled execution behavior beyond simple chart generation. Long-running background jobs increase attack surface, can outlive user intent, and may be abused for stealthy repeated execution or resource consumption.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill explicitly supports sending uploaded Excel/CSV files and using web/external sources through an external API, which means user data may be transmitted off-platform. Without strict scoping, consent, or data-classification controls, sensitive business or personal data could be exposed to third parties.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The tool follows a server-provided download_url and fetches it with http/https without validating the host, scheme, redirect target, or destination policy. That turns the helper into a server-influenced network client and can enable SSRF-style access to internal services, unexpected outbound requests, or retrieval of malicious/untrusted content, especially because redirects are also followed.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger conditions are overly broad, covering generic requests like reports, data analysis, and spreadsheet uploads, so the skill may activate for many unrelated or sensitive workflows. Over-broad invocation increases the chance that confidential data is routed to this external service without sufficiently specific user intent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation instructs file upload and use of external/web sources but omits an explicit warning that user files and prompts will be sent to a third-party service. This lack of transparency can cause inadvertent disclosure of sensitive spreadsheet contents, metadata, or proprietary reports.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.