Docmosis

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Docmosis connector skill, but users should notice it can render documents and use connected Docmosis credentials, not only read template data.

Install only if you are comfortable connecting Docmosis through OOMOL and allowing the agent to run documented Docmosis connector actions. Review render_document inputs before use when they include sensitive data, may consume quota, or produce deliverable documents, and only run the oo CLI installer from a source you trust.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 92% confidence
Finding: The manifest describes the skill as limited to 'searching and reading data,' but the documented actions include `render_document`, which performs active content generation and can consume quota or trigger downstream processing. This mismatch can cause an orchestrating agent or user to grant broader operational authority than intended, undermining informed consent and safety expectations.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The instruction to use this skill for 'ANY Docmosis request' is overly broad and can suppress safer routing or task-specific validation by the calling agent. In practice, broad trigger language increases the chance that higher-risk operations are funneled through the skill without adequate scope checks or user confirmation.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal