Excel自动化脚本生成器

Security checks across malware telemetry and agentic risk

Overview

This skill only guides an agent to generate Excel/Python automation code and contains no executable installer or hidden behavior, but generated scripts should be reviewed before use.

Before running code produced by this skill, inspect file paths and write operations, test on copies or backups of spreadsheets, and be careful with financial, payroll, or business data because generated automation can overwrite or alter files if used incorrectly.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill explicitly offers to generate runnable Python and Excel automation code, but it does not warn users that such code may create, overwrite, or modify local files and spreadsheets. In this context, omission of that warning increases the risk that users execute generated code with unrealistic trust, leading to unintended file changes or data loss.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal