Data Analysis Report

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a local data-analysis report generator with no evidence of hidden network transfer, credential access, or destructive behavior.

Install only if you are comfortable running local Python analysis code on the datasets you provide. Use a virtual environment, invoke it deliberately for sensitive files, and re-review any future version that adds scheduling, email delivery, API integration, or automatic cleanup.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrases are generic, high-frequency requests such as '分析这个数据' and 'generate data insights report', which can easily overlap with normal user prompts and cause unintended activation. In an agent ecosystem, accidental invocation can route sensitive data or user intent into the wrong workflow, creating privacy, authorization, and reliability risks even without explicitly malicious behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal