Security audit

Cost Report Generator

Security checks across malware telemetry and agentic risk

Overview

This skill locally converts a user-provided Excel cost spreadsheet into a formatted Excel report, with no evidence of hidden network access, credential use, or destructive behavior.

Install only if you intend to process project-cost spreadsheets locally. Use an explicit output directory with appropriate access controls, and review the generated Excel report before sharing because it can contain sensitive business cost data copied or derived from the source file.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The documentation states that the script generates and saves a report file locally, but it does not prominently warn users that a new spreadsheet will be written to disk, potentially in the source file's directory by default. In enterprise or shared environments, silent local file creation can expose sensitive financial data, create unintended copies, or violate user expectations about where confidential reports are stored.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal