Ai Report Generator

Security checks across malware telemetry and agentic risk

Overview

This is a simple reporting skill that reads Feishu Bitable metrics to generate Xiaohongshu operations reports, with no hidden code or destructive behavior found.

Install this only if you want reports generated from Feishu Bitable data. Use a Feishu app or token with read-only access limited to the specific Xiaohongshu metrics table, and confirm the target table before running report generation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The invocation example, "生成上周的小红书运营报告", is broad enough to overlap with ordinary user requests, which can cause the skill to trigger implicitly when a user did not clearly intend to invoke this specific capability. Because the skill reads external Feishu Bitable data, accidental invocation can lead to unintended access or processing of third-party business data without sufficiently explicit user awareness.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill description explains the reporting function but does not clearly warn the user that it will access external Feishu Bitable data. This reduces informed consent and transparency, increasing the risk that users trigger external data access without realizing business records will be read and analyzed.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal