GI Excel PDF Process

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local Excel/PDF processing helper with a routing-scope caution but no evidence of hidden access, persistence, exfiltration, or destructive behavior.

Install in a virtual environment from a trusted package index, use it only on files you intend to process, and check the CSV output path because the Excel conversion script can overwrite the chosen destination.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill description is broad enough to trigger on generic mentions of spreadsheets, PDFs, or report generation, which can cause the agent to invoke this skill outside its intended scope. Over-broad routing can expose uploaded files to unnecessary parsing or steer the agent into using file-processing behaviors when a simpler, safer response would suffice.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The usage conditions rely on very broad trigger phrases like '表格', '报表', and 'PDF 提取', without defining required prerequisites such as an attached file or an explicit transformation request. This ambiguity increases accidental invocation risk, which may lead to unintended handling of sensitive documents or tool usage beyond user intent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal