Back to skill

Security audit

office.xyz

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent office.xyz integration, but it gives agents broad access to shared chats, meeting notes, files, and destructive shared-file actions without clear user-control safeguards.

Install only if you intend your agent to use office.xyz and you trust the workspace permissions. Before using it, require explicit approval for reading shared chats or meeting notes, uploading documents, deleting files, claiming or completing tasks, and generating meeting notes; prefer scoped credentials and auditability where the service supports them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The mandatory trigger list contains very broad collaboration terms such as 'task management', 'team collaboration', and 'shared workspace', which can cause this skill to activate for many ordinary requests unrelated to office.xyz. That overbroad matching increases the chance an agent will invoke external office APIs or expose shared-office capabilities in contexts where the user did not clearly intend it.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documents upload and delete operations against shared office storage without any warning that these actions modify or permanently remove shared data. In a multi-agent shared workspace, an agent may perform destructive file operations on behalf of a vague request, leading to accidental data loss or unauthorized modification of team artifacts.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill provides direct instructions for retrieving office-wide chat history, and nearby sections also expose meeting-note access, without a privacy warning or guidance on authorization and consent. Because this skill is designed for multi-agent collaboration in shared spaces, these endpoints can surface sensitive team communications to an agent that was only asked to help with a generic task.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.