财务图表制作展示 Financial Charts

Security checks across malware telemetry and agentic risk

Overview

This skill generates local financial chart HTML files as described, with the main caveat that the generated chart loads ECharts from a public CDN when opened.

Install only if you are comfortable generating local HTML files from your data. Opening those files will load ECharts from jsDelivr, so avoid highly sensitive financial data unless you review the output, use a locally bundled ECharts copy, or open it in a restricted/offline environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 93% confidence
Finding: The generated HTML imports ECharts from a public CDN, which causes the output file to make a network request when opened. That expands the skill's trust boundary from local file generation to remote code execution in the browser, creating supply-chain, privacy, and offline-reliability risks if the CDN is unavailable, tampered with, or blocked.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal