Automate Excel 0.1.3

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Excel automation skill that edits user-specified spreadsheet files, with no evidence of hidden network access, credential use, persistence, or deceptive behavior.

Use this for local Excel/CSV automation, but run it on copies or explicit output files for important workbooks. Be especially careful with commands that rename sheets or apply formatting without an output path, because those can modify the original file.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill prominently documents write, append, overwrite, split, rename, and formatting operations on Excel files, but it does not instruct the agent or user to confirm destructive actions before modifying existing files. In an automation context, this omission can lead to accidental overwrites, in-place corruption of business spreadsheets, or loss of formatting/data when users intended a dry run or a new output file.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal