Security audit

mila

Security checks across malware telemetry and agentic risk

Overview

This Mila skill is a disclosed API/MCP reference for managing cloud documents, sheets, and slides, but its write and delete tools need careful use.

Install only if you want an agent to manage Mila content. Use a dedicated least-privilege API key, prefer read-only scopes unless writes are needed, keep MCP config files private, and require the agent to confirm the exact title, ID, and workspace before any update, replacement, or delete action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill advertises destructive MCP tools such as delete_document, delete_sheet, delete_sheet_tab, and delete_slide_presentation without any caution about irreversible effects or a recommendation to require explicit user confirmation. In an agent context, this increases the chance of accidental or prompt-induced destructive actions against real user data.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The documentation exposes a destructive tab-deletion capability but does not include any guidance to require confirmation, verify intent, or warn about irreversible data loss. In an agent skill, that omission increases the chance an LLM or automation will execute a deletion from ambiguous or malicious prompts, causing accidental loss of user data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation exposes a permanent delete capability for slide presentations without any guidance for confirmation, scoping checks, or safeguards before destructive execution. In an agent skill context, this increases the chance that an LLM or automation invokes deletion on the wrong resource due to prompt ambiguity, hallucinated IDs, or user misunderstanding.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
-H "Authorization: Bearer mila_sk_your_key_here"
```

**MCP tool:** `delete_document`

Parameters: `id` (required).
Confidence
63% confidence
Finding
tool:*

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
}'
```

**MCP tool:** `create_sheet`

Parameters: `title` (required), `cells` (optional), `tab_name` (optional), `rows` (optional), `columns` (optional), `server_id` (optional).
Confidence
83% confidence
Finding
tool:*

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
-d '{"title": "Updated Workbook Title"}'
```

**MCP tool:** `update_sheet`

Parameters: `id` (required), `title` (required).
Confidence
80% confidence
Finding
tool:*

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
-H "Authorization: Bearer mila_sk_your_key_here"
```

**MCP tool:** `delete_sheet`

Parameters: `id` (required).
Confidence
93% confidence
Finding
tool:*

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
}'
```

**MCP tool:** `create_sheet_tab`

Parameters: `sheet_id` (required), `name` (optional), `cells` (optional), `rows` (optional), `columns` (optional).
Confidence
83% confidence
Finding
tool:*

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
}
```

**MCP tool:** `update_sheet_tab`

Parameters: `sheet_id` (required), `tab_id` (required), `name` (optional), `color` (optional), `cells` (optional), `rows` (optional), `columns` (optional).
Confidence
88% confidence
Finding
tool:*

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
-H "Authorization: Bearer mila_sk_your_key_here"
```

**MCP tool:** `delete_sheet_tab`

Parameters: `sheet_id` (required), `tab_id` (required).
Confidence
92% confidence
Finding
tool:*

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
}'
```

**MCP tool:** `append_rows`

Parameters: `sheet_id` (required), `tab_id` (required), `rows` (optional, array), `values` (optional, single row).
Confidence
84% confidence
Finding
tool:*

Tool Parameter Abuse

High
Category
Tool Misuse
Content
**REST API:**

```
DELETE /v1/documents/:id
```

Permanently deletes the document.
Confidence
81% confidence
Finding
DELETE /v1/documents/:id

Tool Parameter Abuse

High
Category
Tool Misuse
Content
**REST API:**

```
DELETE /v1/sheets/:id
```

Deletes the workbook and all of its tabs. This is permanent.
Confidence
95% confidence
Finding
DELETE /v1/sheets/:id

Tool Parameter Abuse

High
Category
Tool Misuse
Content
**REST API:**

```
DELETE /v1/sheets/:id/tabs/:tabId
```

Delete a tab from the workbook. You cannot delete the last tab -- every workbook must have at least one tab.
Confidence
92% confidence
Finding
DELETE /v1/sheets/:id/tabs/:tabId

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.