Security audit

CSV可视化表格

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward CSV-to-HTML visualization helper, with the main caution that shared HTML files may contain the pasted data.

Install only for data you are allowed to transform and share. Before sending generated HTML to others, assume the CSV contents may be visible inside the file and redact personal, confidential, or regulated data as needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly generates a standalone HTML file from pasted CSV data and is intended for sharing, but it does not warn users that any personal, confidential, or regulated data in the CSV will be embedded directly into that distributable artifact. This can lead to accidental disclosure of sensitive information when users share the generated HTML internally or externally, especially because the workflow is optimized for easy distribution.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal