中文word文档通用格式标准化

Security checks across malware telemetry and agentic risk

Overview

This skill locally formats user-selected Word documents and does not show hidden network access, credential use, persistence, or unrelated file access.

Before using it on important documents, keep a backup and provide an explicit output filename if you need predictable results. Be aware that the tool is meant to change formatting and layout, and install python-docx only from a trusted Python environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill instructs users to run a formatter that alters Word documents but does not clearly warn that formatting and possibly content layout will be modified, including the possibility of overwriting the original file when no explicit output path is provided. This can lead to accidental loss of original formatting, document corruption, or destructive changes to important files, especially in automation workflows.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal