Data Viz Reporter

Security checks across malware telemetry and agentic risk

Overview

This is a plain reporting skill for turning user-provided business data into charts and reports; its main risk is that users may include or redistribute sensitive data in the generated output.

Before using this skill, remove secrets, credentials, personal data, customer or employee records, and unnecessary confidential details from datasets. Prefer aggregated or anonymized data, and review the raw-data appendix and generated ECharts/Draw.io code before sharing because they may contain source values.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly asks users to provide raw business data in formats like Excel, CSV, JSON, or pasted content, but it only briefly mentions confidentiality for financial data and does not warn against including personal, customer, employee, or other sensitive business data in prompts, reports, appendices, or generated chart code. Because the output template includes a raw data appendix and embeddable ECharts/Draw.io code, sensitive data could be exposed, retained, or redistributed more broadly than intended.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal