docx
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted document data through its core workflows, creating a surface for indirect prompt injection.
  - Ingestion points: `ooxml/scripts/unpack.py` (ZIP extraction) and `scripts/utilities.py` (XML parsing).
  - Boundary markers: None explicitly implemented within document content processing to isolate instructions from data.
  - Capability inventory: `ooxml/scripts/pack.py` and `ooxml/scripts/validation/redlining.py` use `subprocess.run` to call external utilities like `soffice` and `git`. The `Document` library in `scripts/document.py` performs file system writes and XML modifications.
  - Sanitization: The skill effectively mitigates XML-related risks (like XXE) by using the `defusedxml` library for all parsing tasks.
- [COMMAND_EXECUTION]: The skill executes external commands (`soffice` for document validation and `git` for diffing) to support its primary document processing functions. These operations are performed on files within a temporary workspace and use secure `subprocess.run` calling patterns without shell interpolation.
- [EXTERNAL_DOWNLOADS]: The skill documentation identifies standard, well-known dependencies from established registries, such as `pandoc` and the `docx` Node.js package. These references are used for document processing and do not include unverified or risky scripts.
Audit Metadata