Office Open XML Automation Helper

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Office automation helper whose behavior is disclosed and aligned with its stated purpose.

This skill is reasonable to install if you want help designing Office document automation workflows. Review generated scripts before running them on real Office files, keep backups, and be careful with macro-enabled workbooks or desktop Office automation because those actions can modify local documents.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill enables allow_implicit_invocation without any visible activation constraints, so an agent may invoke it in situations broader than intended. Because this skill can influence cross-Office automation workflows, over-broad triggering could cause unreviewed use of file-processing guidance in unrelated contexts, increasing the chance of unsafe automation decisions or unintended data handling.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal