Doc Xls2docx Xlsx

Security checks across malware telemetry and agentic risk

Overview

This is a local Office file conversion skill whose behavior matches its stated purpose, with a disclosed overwrite risk users should manage with backups or a separate output folder.

Use this on copies or backed-up folders, especially in batch mode, because existing .docx or .xlsx outputs can be replaced. Prefer a separate output directory, and avoid converting untrusted Office documents on a sensitive machine because Word will open .doc files during conversion.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly states that existing output files will be automatically overwritten, which can cause silent data loss or destruction of prior converted/manual edits if users point it at the wrong directory or rerun batch jobs. In a batch document-conversion skill, this context makes the issue more dangerous because many files may be replaced in one operation without confirmation or backup guidance.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal