Skills
skills/404kidwiz/claude-supercode-skills/docx/Gen Agent Trust Hub

docx

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGHPROMPT_INJECTIONNO_CODE
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to process external content via template placeholders and batch data records, which can contain malicious instructions. \n
  • Ingestion points: Template placeholders ({{variable}}) and data records used in batch processing (documented in Core Workflows). \n
  • Boundary markers: Absent. There are no instructions or delimiters provided to separate data from instructions. \n
  • Capability inventory: File system write access (Save document, modify existing docx files) and programmatic automation. \n
  • Sanitization: Absent. No mention of escaping, validation, or filtering of external content is included in the workflows or best practices. \n- [No Code] (INFO): No executable scripts, code blocks, or prompt logic were detected in the skill; it contains only descriptive markdown and metadata.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 09:44 PM