Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
python-docx pdfplumber
- Confidence
- 97% confidence
- Finding
- python-docx
AI 简历纠错排版大师
Security checks across malware telemetry and agentic risk
Overview
This skill appears to locally audit and format resume text as advertised, with dependency hygiene concerns but no evidence of hidden data access or exfiltration.
Install only if you are comfortable providing resume content to the agent environment. Use the anonymized mode before sharing generated resumes publicly, and prefer pinning or reviewing the Python dependencies before using the skill in a production or shared environment.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)
Unpinned Dependencies
Low
- Category
- Supply Chain
- Content
python-docx pdfplumber
- Confidence
- 97% confidence
- Finding
- pdfplumber
Known Vulnerable Dependency: python-docx — 2 advisory(ies): CVE-2016-5851 (Improper Restriction of XML External Entity Reference in python-docx); CVE-2016-5851 (python-docx before 0.8.6 allows context-dependent attackers to conduct XML Exter)
High
- Category
- Supply Chain
- Confidence
- 99% confidence
- Finding
- python-docx
VirusTotal
63/63 vendors flagged this skill as clean.