Word

Security checks across malware telemetry and agentic risk

Overview

This skill openly provides local macOS Microsoft Word automation guidance, including document edits and exports, with proportionate safety rules.

Install this only if you want an agent to control live Word documents on macOS. Before allowing edits, exports, accept/reject changes, overwrites, or closing documents, confirm the exact document, scope, and output path, and keep ~/word notes limited to non-sensitive environment and workflow details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill includes ready-to-run osascript examples that can modify the currently selected content in a live Word document and export the active document to a filesystem path without any explicit confirmation, dry-run mode, or user-consent step. In an agent setting, these side effects can be triggered against the wrong document or selection context, causing unintended document changes or data exfiltration through PDF export even though the stated purpose appears operational rather than malicious.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal