Document To Markdown

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed document-conversion helper that sends selected Office files to MinerU's cloud service to produce Markdown.

Install this only if you are comfortable using the mineru-open-api tool and sending chosen documents to MinerU for processing. Avoid confidential, regulated, customer, or internal business documents unless your policy allows third-party cloud processing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The invocation guidance is overly broad because it triggers on generic verbs like 'read', 'extract', 'convert', and 'analyze' for common document types. This can cause the agent to invoke the skill for ordinary requests without clearly signaling that file contents may be uploaded to a third-party cloud service, creating unintended data exposure and overbroad tool use.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal