docx-footnote-reader
Security checks across malware telemetry and agentic risk
Overview
This skill appears to do what it claims: read a user-selected Word document and extract body text, footnotes, and endnotes.
Install this only if you are comfortable using npm dependencies and with the agent seeing the contents of the DOCX files you choose to process. Review the word-extractor dependency if using this in a sensitive environment.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.