Word Studio

Security checks across malware telemetry and agentic risk

Overview

This is a normal Word document generation skill with expected local file creation and no evidence of hidden data access, persistence, or exfiltration.

Install this as a local document-generation helper. Prefer .docx output, use a virtual environment for Python packages, avoid giving it unrelated private file paths, and review generated legal, financial, or professional documents before relying on them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 80% confidence
Finding: The skill does create artifacts in the workspace and may delete or rename temporary files during format conversion, yet this side effect is not clearly disclosed. Hidden file-system side effects reduce user awareness and can lead to unintended overwrites, confusion, or data loss in shared or automated environments.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal