Back to skill

Security audit

Docxport

Security checks across malware telemetry and agentic risk

Overview

Docxport is a document-conversion skill whose risky behaviors are mostly disclosed and aligned with converting documents, though users should watch for dependency installs and remote assets.

Install only if you are comfortable with a document converter that may create files, use local office/conversion tools, and optionally install or fetch dependencies. For sensitive documents, prefer the LibreOffice/pandoc paths, review output paths before conversion, and avoid Mermaid CDN or npx fallbacks unless you explicitly need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill explicitly instructs the agent to install LibreOffice and other platform packages as part of normal execution. That expands the skill from document conversion into system modification and network/package acquisition, which increases supply-chain, persistence, and unintended-change risk if triggered on untrusted or routine requests.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The md-to-pdf fallback uses npm/npx and may download Chromium, introducing execution of remote package code and large network fetches during a conversion task. This broadens the attack surface beyond file transformation and can expose the host to package-registry or dependency compromise.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The guidance instructs loading Mermaid from a public CDN inside generated HTML, introducing external network dependency and third-party script execution into a document-conversion workflow. This can leak viewer metadata, create supply-chain risk if the CDN asset changes or is compromised, and produce active content in outputs that users may treat as inert documents.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger list contains broad phrases such as 'document analysis' and 'export pdf' that can match many unrelated user requests, causing this skill to activate outside its narrow intended scope. Over-broad activation increases the chance that risky conversion or install logic is applied in contexts where the user did not intend it.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The pandoc command hard-codes `-V lang=ko-KR`, forcing a locale setting without user choice. While not a direct code-execution issue, it can silently alter document metadata, typography, hyphenation, or rendering behavior and produce incorrect outputs for non-Korean documents.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The auto-conversion section instructs the agent to execute file-generating conversions directly once given a path and flags, without requiring user confirmation before writing output files. In an agent setting, this can cause unintended file creation or overwriting in the working directory, especially if paths are user-controlled or ambiguous.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill directs automatic command execution and file creation with language such as 'execute them directly,' reducing opportunities for user confirmation before modifying the filesystem. In an agent context, this can lead to unintended writes, overwriting files, or execution against attacker-influenced paths if upstream validation is weak.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The Mermaid instructions recommend fetching a script from a public CDN without warning the user that conversion or viewing will rely on external network access. In this context, that is risky because the skill is supposed to convert documents, yet it silently introduces remote content loading and associated privacy, integrity, and reliability concerns.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.