docx
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the defusedxml library for all XML parsing tasks, which is a security best practice to prevent XML External Entity (XXE) attacks. This is implemented in scripts/document.py and scripts/utilities.py.
- [COMMAND_EXECUTION]: The skill performs command execution for document conversion and validation using standard tools like pandoc, soffice (LibreOffice), and git. These executions are performed securely using subprocess.run with a list of arguments and shell=False, preventing command injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: No suspicious runtime external downloads were detected. The skill references standard dependencies from trusted registries (APT, PyPI, NPM) in its documentation for environment setup.
- [PROMPT_INJECTION]: The instructions within SKILL.md are focused on document structure and redlining workflows. No patterns of prompt injection, safety guideline bypass, or behavior overrides were identified.
Audit Metadata