Security audit

data-analysis-skills

Security checks across malware telemetry and agentic risk

Overview

This is a coherent structured-data analysis skill with no executable or network behavior, but users should be careful with sensitive datasets because it asks for detailed reasoning-style output.

Install only if you want a detailed structured-data analysis workflow. For private HR, salary, customer, financial, or compliance data, ask the agent to summarize reasoning, redact identifiers, and avoid reproducing raw rows unless needed.

SkillSpector (by NVIDIA)

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Natural-Language Policy Violations

Severity: High
Confidence: 95%
Finding: The document explicitly instructs the skill to display every step of its chain-of-thought reasoning. Requiring hidden reasoning disclosure is unsafe because it can expose internal deliberations, sensitive intermediate data, and policy-related reasoning patterns, and it makes prompt extraction or follow-on abuse easier. In this skill context, the danger is elevated because the agent analyzes structured business data that may include PII, customer lists, costs, or internal notes; detailed reasoning traces can inadvertently echo or correlate sensitive records even when the final answer could have been safely summarized.

Vague Triggers

Severity: High
Confidence: 95%
Finding: The trigger condition is extremely broad: it fires not only on file uploads such as tables, CSV, or Excel, but also on common conversational phrases such as '分析数据' ("analyze the data") and '找关系' ("find relationships"). That can cause the skill to be invoked on ambiguous or unrelated requests, increasing the chance of unintended access to user-provided structured data or of bypassing a more appropriate, narrower skill.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The skill explicitly instructs the model to expose its full chain-of-thought ('每一步的推理都要展示出来(CoT)', i.e. "every step of the reasoning must be shown (CoT)"). In a data-analysis skill, this can leak sensitive intermediate reasoning, hidden heuristics, and user data transformations into responses, especially when analyzing private business or personal datasets.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding: The eval suite reinforces extremely broad activation phrases such as '帮我看看' ("take a look at this for me") and '帮我分析一下' ("help me analyze this"), which overlap with ordinary conversation and can cause the skill to trigger on unrelated user requests. In an agent setting, over-broad routing increases the chance that sensitive data is unnecessarily pulled into this skill or that the skill intercepts requests better handled by safer, narrower workflows.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding: The trigger examples in lines 8–13 are broad natural-language phrases like '这表里有什么值得注意的?' ("what is worth noting in this table?"), '帮我对对账' ("help me reconcile these accounts"), and '你看这组数据有没有猫腻' ("check whether there is anything fishy in this data"), which can match many ordinary conversations without clearly requiring structured-data analysis. This increases the chance of unintended skill invocation, causing the agent to route unrelated or sensitive user requests into this skill and potentially process data or files the user did not mean to analyze through this pathway.

Ssd 3

Severity: Medium
Confidence: 98%
Finding: Requiring both full chain-of-thought disclosure and detailed step-by-step reasoning in outputs creates a direct risk of echoing sensitive user data, proprietary business logic, or intermediate derivations that should remain internal. In the context of uploaded tables, CSVs, and Excel files, those traces can inadvertently reproduce personal or confidential fields far beyond what is necessary for the task.

Ssd 3

Severity: Medium
Confidence: 91%
Finding: The skill instructs the model to retain and reuse user corrections within the session as '经验沉淀' ("accumulated experience"). Even if limited to the current session, this encourages persistence of potentially sensitive user input in natural-language memory and increases the chance that private corrections, business context, or identifiers are resurfaced later in the conversation.

Ssd 3

Severity: Medium
Confidence: 98%
Finding: The assertion explicitly requires chain-of-thought disclosure, encouraging the model to emit hidden reasoning rather than concise answers. This is dangerous because chain-of-thought can expose internal decision heuristics, leak sensitive intermediate inferences about user data, and weaken downstream safety controls by normalizing verbose hidden-reasoning output.

Ssd 3

Severity: Medium
Confidence: 98%
Finding: This second assertion repeats the requirement to reveal chain-of-thought, showing the behavior is systematic rather than accidental. In a skill designed to analyze potentially sensitive business, HR, procurement, and personal data, forcing detailed reasoning output increases the risk that sensitive derived inferences and internal model traces are exposed to end users.

VirusTotal

64/64 vendors flagged this skill as clean.