docx-design-agent

The skill's described capabilities align with its stated purpose and are technically coherent for a macOS Word document design agent. I did not find code-level obfuscation or explicit malware in this specification. However, there is a notable supply-chain / privacy risk: image generation is routed through a third-party skill ('baoyu-danger-gemini-web') whose trust and endpoints are unspecified — this could leak prompts or document content to an external party. Additionally, AppleScript-based live editing grants broad access to any open Word document, which is necessary for functionality but increases sensitive-data exposure. Recommendation: mark as SUSPICIOUS until the external image-generation provider and network endpoints are identified and verified (use official/trusted APIs or provide an option to disable remote image generation). Ensure the environment variable usage is documented and consider an explicit confirmation step before sending any document content to external services.