Ifc To Excel

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed IFC-to-Excel conversion helper that needs filesystem access and an external converter, with no evidence of hidden persistence, data theft, or unrelated behavior.

Install this only if you are comfortable letting the agent read the IFC files and write conversion outputs in folders you choose. Use a trusted IfcExporter or IfcOpenShell installation, verify converter and input paths before running batch jobs, and review generated Excel or geometry files before sharing them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Low

Confidence: 83% confidence
Finding: This markdown file documents conversion of IFC files into structured Excel databases and later shows writing multi-sheet Excel output, but it does not warn users about filesystem side effects such as creating .xlsx/.dae artifacts in the working location. For a markdown skill description, SQP-2 applies when behaviors affecting user data or system state are not disclosed.

Unvalidated Output Injection

High

Category: Output Handling
Content: if not export_collada: cmd.append("-no-collada") result = subprocess.run(cmd, capture_output=True, text=True) if result.returncode != 0: raise RuntimeError(f"Export failed: {result.stderr}")
Confidence: 85% confidence
Finding: subprocess.run(cmd, capture_output

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal