数据处理脚本生成器

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is coherent for generating spreadsheet/report automation scripts from user-provided files, with no hidden installer or unrelated data access found.

Install only if you want help creating spreadsheet/report automation scripts. Before using it, provide only the files needed for the task, check samples for sensitive business or personal data, review any generated Python script for file writes or deletions before running it, and test first on copies or non-production data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger phrases are broad enough to activate this skill for generic scripting or automation requests, which can cause unintended routing and bypass more appropriate, narrower skills or safety checks. In this context, the skill is designed to generate executable Python scripts that operate on user files and paths, so overbroad activation increases the chance of producing code in situations where the user did not specifically intend this workflow.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal