Word Parser

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Word-document parsing skill, but users should be mindful that parsed document contents may be written locally and processed through MinerU.

Install only if you trust the mineru-open-api package and MinerU service. Choose an output directory deliberately, avoid processing confidential Word documents unless MinerU's data handling is acceptable to you, and delete generated output files when they are no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 90% confidence
Finding: The skill instructs the agent to write parsed document output to disk, including a default output directory under the user's home directory, without notifying the user or requiring confirmation. This can create unintended local data persistence, especially because parsed Word documents may contain sensitive business or personal information that remains on disk after the task completes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal