Back to skill

Security audit

Spreadsheets Cog

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent CellCog spreadsheet-generation helper, with a privacy caveat because spreadsheet prompts may be sent to an external service.

Install only if you are comfortable using CellCog as an external spreadsheet-generation service. Avoid submitting secrets, regulated personal data, confidential financials, customer data, or proprietary business records unless your organization has approved CellCog's data handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly depends on an external provider (CellCog) and instructs users to send prompts and spreadsheet-generation tasks through that service, but it does not clearly warn that user prompts, workbook content, and potentially sensitive business or financial data may leave the local environment. This can lead users to unknowingly disclose confidential information such as budgets, forecasts, customer data, or employee records to a third party.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.