Trust Assessment
wps-word-automation received a trust score of 69/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 0 medium, and 1 low severity. Key findings include Arbitrary File System Access via Word/WPS COM Automation, Unpinned Dependency: pywin32.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 68/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary File System Access via Word/WPS COM Automation The skill allows an attacker to perform arbitrary file system operations (read, write, create, include) by manipulating Microsoft Word or WPS Writer COM objects. User-controlled arguments such as `--input`, `--output`, `--save`, `--outdir`, `--image`, and `--inputs` are directly used as file paths in sensitive COM methods (`Documents.Open`, `SaveAs`, `InsertFile`, `AddPicture`) and Python file system operations (`Path.write_text`, `Path.mkdir`). This enables:
1. **Data Exfiltration**: Reading the content of any file accessible to the skill's execution context (e.g., `cmd_read` can output file content to stdout or another file; `cmd_merge` and `cmd_image` can embed arbitrary file content into a document).
2. **Arbitrary File Write/Modification**: Overwriting existing files or creating new files in arbitrary locations (e.g., `cmd_replace`, `cmd_insert`, `cmd_export`, `cmd_split`, `cmd_image` can save modified documents or new documents to user-specified paths).
3. **Directory Creation**: Creating directories in arbitrary locations (`cmd_split`).
This constitutes a severe command injection vulnerability by abusing the COM interface, granting excessive permissions to the skill and leading to potential system compromise or data loss. Implement strict input validation and sanitization for all file paths provided by the user. Restrict file operations to a designated, isolated sandbox directory. Avoid directly passing user-controlled paths to file system or COM object methods without validation. Consider using an allowlist for file extensions and ensuring paths are relative to a secure base directory. If possible, run the skill with least privilege. | LLM | scripts/wps_word_automation.py:30 | |
| LOW | Unpinned Dependency: pywin32 The `pywin32` dependency is imported without a specific version pin. This introduces a supply chain risk, as future installations could pull in a new, potentially incompatible, or even malicious version of the library. While `pywin32` is a legitimate and widely used library, unpinned dependencies are a general security best practice violation. Pin the `pywin32` dependency to a specific, known-good version in the project's dependency management file (e.g., `requirements.txt` or `pyproject.toml`). For example, `pywin32==306`. | LLM | scripts/wps_word_automation.py:14 |
Scan History
Embed Code
[](https://skillshield.io/report/e1d4250d325f4409)
Powered by SkillShield