Back to skill

Security audit

Mddoc

Security checks across malware telemetry and agentic risk

Overview

This skill is a Markdown-to-Word formatting helper with expected file conversion behavior, but users should be aware it may install Python packages and fetch remote images when converting documents.

Install only if you want a Markdown-to-DOCX formatting helper. Review conversions that contain remote image links, because the skill may fetch those URLs to embed images; for sensitive or untrusted Markdown, prefer local images or ask the agent not to download remote assets. Expect it to install Python dependencies and create DOCX files in the indicated output location.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill explicitly instructs downloading remote images during document conversion, which introduces outbound network access and SSRF-style risk beyond a simple local Markdown-to-DOCX transformation. If untrusted Markdown contains attacker-controlled image URLs, the converter may contact arbitrary internal or external hosts, leak access metadata, or embed malicious content without clear user consent.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrases include broad everyday wording such as converting content to Word, which can cause the skill to activate in situations the user did not specifically intend. Because this skill reads files, writes documents, and may perform network downloads, over-broad invocation increases the chance of unintended data access or external requests.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The workflow describes reading local files, generating output files, and downloading remote images, but it does not clearly disclose these side effects or require explicit consent. This can lead users to unintentionally expose local data or trigger network access during what appears to be a straightforward format-conversion task.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.