Data Visualization Designer

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward data-visualization skill that guides chart creation and does not include hidden code, persistence, credential use, or installation behavior.

Reasonable to install for chart and visualization work. Avoid pasting sensitive datasets unless you are comfortable with the agent using that data in generated chart code, and review generated HTML/JavaScript before running it when the input data came from an untrusted source.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill’s use-case and workflow language is broad enough that it could be invoked for many loosely related requests involving user-provided files and direct HTML/JavaScript generation. In an agent setting, weak trigger boundaries can cause over-activation and increase exposure to prompt injection embedded in datasets or unsafe code generation requests, especially because the skill is instructed to produce runnable browser code.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal