Back to skill

Security audit

Word Automation

Security checks across malware telemetry and agentic risk

Overview

This is a local Word/WPS document automation skill with expected file-editing power and no evidence of hidden exfiltration, persistence, or destructive behavior.

Install this only if you want local automation that can read, edit, create, and export Word/WPS documents. Use copies for important files, choose output paths carefully, and be aware that merge/split can touch more than one document or produce multiple files despite the no-batch wording.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The documented behavior conflicts with the stated scope: the skill claims single-document use but also exposes merge and split workflows that can process multiple files or produce multiple outputs. This mismatch is dangerous because users, policy engines, or reviewers may grant trust based on a narrower capability set than the skill actually exercises, increasing the chance of unintended bulk document manipulation or data exposure.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The manifest says 'single-document actions (no batch)' while the documented commands include merge and split operations that inherently act on multiple inputs or generate multiple derivative files. This inconsistency can mislead operators and automated trust decisions, making the skill more dangerous in environments where document count or output fan-out matters for confidentiality and change control.

Intent-Code Divergence

Medium
Confidence
83% confidence
Finding
The note tells users to avoid batch usage, yet the command list advertises batch-like merge and split operations. Conflicting guidance weakens user understanding and can result in accidental broader document processing than intended, especially in enterprise environments handling sensitive files.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.