Security audit

Docx Generation

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Word document generation guide that discloses local .docx output and does not show hidden execution, credential use, networking, or persistence.

Install only if you want an agent to generate local Word documents. When using it, provide a clear filename and save location, avoid overwriting existing documents unless intended, and review generated documents before sharing them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly instructs that generated content will be saved as a `.docx` file, but it does not clearly disclose file-system side effects or require user confirmation before creating files. In an agent environment, silent or unexpected file creation can overwrite user data, create sensitive artifacts, or violate user expectations about what actions the skill will take locally.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal