Agent Visio User

Security checks across malware telemetry and agentic risk

Overview

This is a lightweight onboarding guide for a Visio diagram workflow, with no bundled executable code and disclosed external setup steps.

Install this only if you intend to work with the DiagForge/DrawForge Visio automation workflow. Before running the smoke test, review or pin the external repository, run it in a prepared local clone, expect preview and editable output files to be created, and keep VISIO_BRIDGE_TOKEN out of logs, commits, and shared transcripts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: This markdown/manifest file declares `VISIO_BRIDGE_TOKEN` as a required environment variable, which indicates the skill depends on a credential or sensitive token. The surrounding description explains onboarding and execution steps but does not warn users that the skill relies on sensitive credentials or advise safe handling before running the workflow.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal