docx-perfect
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes command-line Python execution (
python -c) to extract text from Word documents and manage file versions. - [COMMAND_EXECUTION]: The workflow involves running a provided Python script (
scripts/template.py) that performs local file operations and document styling. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from external Word files without sanitization or boundary markers.
- Ingestion points: Document text is read via the
docxlibrary as described in 'SKILL.md' and 'references/workflow.md'. - Boundary markers: None identified; document content is not delimited or isolated from the agent's core instructions.
- Capability inventory: The skill has the ability to read/write local files and execute Python scripts based on processed document data.
- Sanitization: None identified; all document text is treated as legitimate content for analysis.
Audit Metadata