广告数据分析

Security checks across malware telemetry and agentic risk

Overview

This skill locally analyzes uploaded advertising spreadsheets and generates charts, with no evidence of hidden data sharing or persistence.

Install this if you want a Chinese-language advertising report analyzer. Use it only with spreadsheet reports you intend to process locally, and be careful with broad requests like “analyze this report” if the attached file is unrelated or sensitive.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger description includes broad natural-language phrases like “帮我分析投放数据/看看这个报表/哪个计划效果差/数据有没有问题”, which can match common user requests and cause the skill to activate in situations beyond its intended scope. Because this skill processes uploaded files and runs local analysis tooling, accidental invocation could lead to unintended handling of user data or confusion about which skill should respond.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal