Back to skill

Security audit

unisound-med-doc-preprocess

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed medical document preprocessing library with expected file parsing behavior, but users should handle sensitive health documents carefully.

Install only where downstream skills are expected to process medical documents. Avoid feeding untrusted legacy Office files unless LibreOffice and OCR/PDF tools run in a constrained environment, and ensure sensitive medical data is handled under your privacy and retention requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if not office_bin:
        raise PreprocessError("libreoffice/soffice not found. Install: sudo apt-get install libreoffice")
    with tempfile.TemporaryDirectory(prefix="med-doc-preprocess-") as tmp_dir:
        proc = subprocess.run(
            [office_bin, "--headless", "--convert-to", "txt:Text", "--outdir", tmp_dir, str(path)],
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
Confidence
80% confidence
Finding
proc = subprocess.run( [office_bin, "--headless", "--convert-to", "txt:Text", "--outdir", tmp_dir, str(path)], stdout=subprocess.PIPE, stderr=subprocess.PIP

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The library dynamically discovers and executes external binaries from PATH, which broadens trust to the host environment and increases the impact of PATH hijacking or compromised toolchains. In a reusable preprocessing skill for medical documents, this is more dangerous because the component is likely to process untrusted uploads and may run in automation pipelines with elevated data access.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This shared preprocessing skill is explicitly designed to ingest and extract contents from medical documents, which are likely to contain highly sensitive personal and health information. Omitting a clear warning about handling protected medical data increases the risk of accidental misuse, over-collection, or inappropriate downstream sharing by integrators.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.