策略分析报告师

Security checks across malware telemetry and agentic risk

Overview

This skill reads user-provided Excel performance data and creates local analysis reports, with no evidence of hidden networking, credential access, persistence, or destructive behavior.

Install and run this in a dedicated project or virtual environment, place only the intended Excel files in the data folder, choose an output directory you are comfortable retaining or sharing, and delete generated JSON, charts, PDF, and DOCX files when they contain sensitive financial data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill instructs reading user-uploaded Excel files and writing multiple output artifacts, but it does not prominently warn the user that their files will be processed and that reports and intermediate JSON/chart files will be created on disk. This can lead to unanticipated handling of potentially sensitive financial data, retention of derived analytics, and accidental disclosure if output locations are shared or reused.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal