docx
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes external CLI tools including `soffice`, `git`, and `pandoc` for document validation, comparison, and structured text extraction. These operations use argument-list invocation via the `subprocess` module, which prevents shell injection vulnerabilities.
- [PROMPT_INJECTION]: The skill processes untrusted document data, creating a surface for indirect prompt injection.
  - Ingestion points: Processes raw XML from `.docx` archives and converts document content to markdown via `pandoc`.
  - Boundary markers: Lacks explicit delimiters or markers to isolate untrusted text from extracted documents before it is returned to the agent context.
  - Capability inventory: Includes file system writing via the custom `Document` class and execution of system binaries.
  - Sanitization: Robustly utilizes the `defusedxml` library for XML parsing across all core scripts to prevent XML External Entity (XXE) and quadratic expansion attacks.
Audit Metadata