Office Reader

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local document-reading skill, with privacy caution because it can display chosen file contents in chat.

Install only if you want the agent to read specific local documents. Confirm paths before opening private files, remember that extracted contents may appear in the chat, and verify any separate office-reader.ps1 script or pip dependencies because that script is not included in this package.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill advertises very broad natural-language triggers such as "读取 C:\path\to\file.docx" and says it will automatically invoke the office-reader script, but it does not define clear trigger boundaries, confirmation requirements, or exclusions. In an agent setting, this can cause unintended local file access when a user message merely mentions a path or when untrusted content includes file paths that the agent interprets as an instruction.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal