data-analysis-init

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent PMO data-analysis helper, with expected local spreadsheet parsing and disclosed web-search enrichment, but users should avoid exposing sensitive business details in searches.

Install only if you are comfortable giving the agent access to the selected Feishu sheet or local sample file. Keep sensitive identifiers, exact internal metrics, customer data, and confidential incidents out of web-search queries, and review the generated ./user-data/ reports and configs before sharing them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill plans to access Feishu spreadsheet data and perform external web searches without clearly warning users that sensitive business context may be transmitted to third-party services. In a PMO/data-analysis setting, source data and derived search queries can contain confidential operational information, making privacy leakage materially more likely.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The trial-run and recurring workflow repeatedly instruct the agent to search externally based on business anomalies and industry context, but does not warn that these searches may encode sensitive facts derived from internal data. Repeated automated searches amplify the chance of leaking confidential trends, incidents, or competitive intelligence over time.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal