pyspark-to-excel

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a simple text-formatting helper for turning PySpark table output into Excel-friendly text.

Before installing, check that you want a helper that may activate on broad table-formatting phrases. It should be safe for normal pasted table text, but avoid pasting sensitive data unless you are comfortable having the agent process it in the chat context.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The trigger phrases are broad enough that the skill could be invoked in situations beyond explicit PySpark `.show()` formatting requests, especially terms like '表格整理' or '复制到excel'. That can cause unintended routing and unexpected transformation of user content, but the skill itself only reformats pasted text and does not execute code, access external systems, or perform privileged actions, which limits security impact.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal