腾讯文档链接解析归档

Security checks across malware telemetry and agentic risk

Overview

This skill clearly downloads Tencent Docs links the user provides, saves copies locally, and records the links in a spreadsheet.

Install this only if you want the agent to export Tencent Docs you provide, save local copies on your Desktop, and keep a spreadsheet of the document links. Review documents first if they contain business, personal, or regulated data, because the saved files and ledger remain on disk until you remove them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill instructs automatic local file writes, directory creation, and Excel ledger updates without requiring explicit user confirmation or warning that links and metadata will be stored on disk. This can cause unanticipated persistence of potentially sensitive documents and document URLs on a user's machine, especially because the workflow is framed as automatic upon detecting matching links.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal