Back to skill

Security audit

Excel Data Quality Check

Security checks across malware telemetry and agentic risk

Overview

This is a coherent spreadsheet analysis skill, but users should notice that its advanced chart path can leave the local-only workflow.

Install this only if you are comfortable with the agent reading spreadsheet contents and showing representative cell values in the conversation. Use quality checks and basic charts for local processing; choose Advanced Chart/ChartGen only after separately reviewing that skill and confirming you are allowed to send the relevant data to an external API.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

High
Confidence
92% confidence
Finding
The sub-skill explicitly delegates advanced chart requests to an external ChartGen API even though the parent skill is described as 'Fully local.' This creates a misleading trust boundary: users may provide sensitive spreadsheet data expecting local-only processing, but the workflow can route data to a third-party service and require external credentials, causing confidentiality and compliance risks.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The documentation instructs the agent to recommend installation of an external skill from a remote GitHub repository to satisfy user requests. This expands the system's attack surface through supply-chain risk and can normalize pulling unreviewed code or integrations unrelated to the core local data-helper promise, especially in workflows involving uploaded files.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The README includes generic invocation examples such as asking what is in an Excel file or checking data quality, and the skill metadata says to activate whenever a user uploads or merely mentions spreadsheet files, even without an explicit request. That broad trigger surface can cause the agent to invoke this skill on ordinary file-related conversations without clear user intent, which creates unnecessary data exposure to the skill and increases the chance of unintended processing of sensitive spreadsheet contents.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill instructs activation whenever a user uploads, attaches, or merely mentions common spreadsheet file types, even without an explicit request. That broad trigger can cause unsolicited processing prompts around potentially sensitive files and creates an opportunity for context hijacking, privacy surprises, or user-confusing skill invocation in unrelated conversations.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly directs the agent to create PNG files immediately without first obtaining user confirmation or clearly disclosing that files will be written to disk. While chart rendering is aligned with the skill’s purpose, automatic file creation can surprise users, create unwanted artifacts, and expose output paths or overwrite expectations in environments where filesystem side effects should be user-approved.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The sample extraction logic returns actual cell values from the most complete rows, which can directly expose sensitive dataset contents such as names, emails, account numbers, or free-text records. In this skill context, the tool is designed to automatically activate on uploaded spreadsheet files, making unintended disclosure more likely because users may not explicitly expect raw samples to be surfaced.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The profiler explicitly detects sensitive data classes such as email addresses, phone numbers, IP addresses, and national ID formats. Even if intended for data-quality analysis, this creates privacy risk because it inventories sensitive attributes without consent messaging, minimization, or safeguards; in an auto-triggering spreadsheet helper, that risk is elevated because uploaded files commonly contain personal data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.