Security audit

wps_office_auto_skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local office-document automation skill whose file access is disclosed and mostly fits its purpose, though users should be careful with broad file paths and old upgrade commands.

Install only if you are comfortable granting file-system access for local office files. Do not let an agent choose arbitrary paths without review, and avoid running the changelog’s environment-file deletion command unless you have verified backups and no longer need those files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium, 95% confidence
Finding
The code accepts a caller-supplied string path and passes it directly to pandas file-loading functions, allowing the caller to read arbitrary local files that the process can access. In an agent/skill context, this expands the trust boundary from structured input data to unrestricted filesystem access, which can expose sensitive local data or mounted secrets if an attacker can influence the path.

Missing User Warnings

Medium, 87% confidence
Finding
The upgrade guide includes `rm .env .env.example` without an explicit warning or safer alternative, which can lead users to delete configuration files unintentionally. In this project context the files are expected and named, so this is not highly suspicious, but destructive shell commands in documentation can still cause accidental loss of local configuration or secrets needed elsewhere.

Vague Triggers

Medium, 95% confidence
Finding
The trigger phrases are broad, generic office-task requests such as 'generate document', 'analyze data', and 'convert pdf', which are likely to overlap with many normal user prompts. This increases the chance of unintended or over-eager invocation, causing the skill to access the file system or process documents when the user did not specifically intend to call this particular automation skill.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.