Excel / WPS Table Diagnosis

Security checks across malware telemetry and agentic risk

Overview

This spreadsheet-help skill is coherent and low risk; the main caution is that table samples may contain sensitive business or personal data.

Installers should treat this as an advisory spreadsheet assistant. Share only the headers and sample rows needed for diagnosis, review formulas before applying them, and disable implicit invocation if they want the skill used only when explicitly named.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The default prompt is broadly phrased and can cause the skill to be invoked on vague user requests without strong scoping or confirmation. Because the skill inspects user-provided tables and recommends transformations, over-broad invocation mainly risks unintended activation, unnecessary exposure of spreadsheet contents to the skill context, or misrouting rather than direct code execution.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal