Back to skill

Security audit

Excel Studio

Security checks across malware telemetry and agentic risk

Overview

This is a local spreadsheet-generation skill with purpose-aligned Python dependencies and no evidence of hidden data access, persistence, or exfiltration.

Reasonable to install for Excel or CSV generation. Before use, review generated Python commands and output paths, especially for financial or business data, and consider pinning dependency versions in controlled environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are very broad and map to common, everyday requests like creating tables, doing analysis, or making reports. In an agent system that auto-selects skills by trigger text, this can cause unintended invocation, potentially routing sensitive user data into this skill when another tool or a clarification step would have been more appropriate.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.