docx-perfect
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection. The skill ingests untrusted content from external Word documents and uses it to generate logic and data for table creation.
  - Ingestion points: SKILL.md and scripts/template.py read paragraphs from external .docx files using Document('source.docx').
  - Boundary markers: Absent. No instructions are provided to the agent to ignore instructions embedded in the document text.
  - Capability inventory: Shell command execution (python -c), file modification/creation (doc.save), and script execution.
  - Sanitization: Absent. Text extracted from documents is used directly to define TABLE_DATA or to identify sections for replacement in script templates.
- [COMMAND_EXECUTION] (HIGH): The workflow relies on executing Python code blocks via the shell (python -c) and running local scripts that are dynamically modified by the agent with potentially tainted data extracted from source documents.
Recommendations
- AI detected serious security threats