Document Generator

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local document-generation skill, with ordinary cautions around dependency installation and choosing input and output file paths.

Use this skill when you want actual DOCX, XLSX, or PDF files created locally. Install Python dependencies in a trusted environment, confirm template/image and output paths before running, and expect Excel values beginning with '=' to be treated as formulas, so use them only when that is intentional.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The description contains very broad activation language such as any mention of tables, formatting, reports, spreadsheets, or documents, which can cause the skill to trigger on ordinary conversational requests that do not require code execution or file generation. Over-broad routing increases the attack surface by invoking a file-capable skill more often than necessary and may lead to unintended file operations or data handling.

Vague Triggers

Medium
Confidence: 88%
Finding
The usage guidance says to use the skill whenever the user needs formatted document output, but it does not clearly distinguish document creation from ordinary help with formatting, writing, or tabular presentation in-chat. This ambiguity can cause unnecessary invocation of scripts that read templates or write files, exposing more data and increasing the chance of unsafe side effects.

VirusTotal

64/64 vendors flagged this skill as clean.
