Google Sheets Reporting

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: imports n8n workflows that read a configured Google Sheet and email scheduled reports or alerts to a configured recipient.

Install only for sheets whose contents are appropriate to send by email. Verify REPORT_EMAIL and SMTP credentials before activation, use least-privilege Google Sheets access, avoid regulated or highly sensitive spreadsheets unless recipients are approved, and disable schedules you do not want running continuously.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: This workflow automatically emails alert content derived from spreadsheet rows, including row identifiers such as id, name, or email, without any minimization or explicit approval step. If the sheet contains sensitive or personal data, the workflow can repeatedly exfiltrate that information to an email recipient, and the generated HTML is built from raw sheet values with no escaping, increasing the risk of unsafe content being propagated in notifications.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal