docx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill uses 'subprocess.run' to execute the 'soffice' command (LibreOffice) for document validation and conversion to HTML. This is a primary functional requirement. As the skill is from a trusted source ('anthropics'), the risk of command injection is considered minimal.
- Indirect Prompt Injection (LOW): The skill ingests and processes untrusted Office documents (.docx, .pptx, .xlsx).
  1. Ingestion points: 'ooxml/scripts/unpack.py' (via zipfile) and 'ooxml/scripts/validation/docx.py' (via lxml).
  2. Boundary markers: Absent. There are no explicit instructions to the agent to disregard instructions found within the document contents.
  3. Capability inventory: Includes subprocess execution of 'soffice' in 'ooxml/scripts/pack.py'.
  4. Sanitization: The skill effectively uses 'defusedxml' to sanitize XML data and protect against XML External Entity (XXE) attacks.
- SAFE (SAFE): The code demonstrates high security maturity by using 'defusedxml' for all XML parsing operations and implementing strict validation logic in the 'validation/' directory.