Security audit

Logics-Parsing阿里文档解析

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent document-parsing guide with normal setup and privacy cautions, not evidence of harmful behavior.

Install in an isolated Python or conda environment, review the referenced repository and requirements before running them, avoid elevated privileges, and be careful with confidential PDFs or images before parsing or saving extracted content into another knowledge base.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrases are very broad, everyday requests such as parsing PDFs or extracting formulas, without clear guardrails on when the skill should or should not activate. This can cause unintended invocation on sensitive user documents, increasing the chance of processing private files without sufficiently explicit user intent or contextual confirmation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.