Security audit

Xlsx Generation

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Excel workbook generation guide with no executable code, network behavior, credential handling, or hidden persistence found.

Reasonable to install if you want help creating formatted Excel files. Be aware that its trigger wording is broader than necessary, so invoke it for explicit workbook-generation tasks and review the output path before allowing file creation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The skill advertises very broad trigger phrases such as general Excel creation requests, which can cause the agent to invoke this skill for a wide range of ordinary spreadsheet-related prompts. Overly broad activation increases the chance of unintended skill execution and prompt-scope hijacking, especially because one trigger is the unusually generic and system-adjacent phrase 'meta-skill-system'.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal