docx-to-md
Security checks across malware telemetry and agentic risk
Overview
This DOCX converter generally does what it says, but a specially crafted document could make it move local files outside the intended output area.
Review or patch the script before using it on untrusted DOCX files. A safer version should normalize and validate archive member paths, avoid using raw ZIP names for filesystem operations, and only rename the actual extracted file within the chosen output directory.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.