skills/aisa-group/skill-inject/docx/Gen Agent Trust Hub

docx

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes external binaries including soffice (LibreOffice), git, pandoc, and pdftoppm to perform document conversion, structural diffing, and text extraction. These operations use subprocess.run with argument lists rather than shell strings, preventing shell injection vulnerabilities. These tools are essential for the primary functionality of advanced OOXML manipulation.
  • [PROMPT_INJECTION]: As a tool designed to process Word documents (.docx), the skill has an inherent attack surface for indirect prompt injection. Malicious instructions could be embedded in the XML structure or text content of processed files.
    • Ingestion points: Document contents are parsed in ooxml/scripts/unpack.py and scripts/document.py.
    • Boundary markers: The skill does not currently implement specific delimiters or warnings to ignore embedded instructions within document text.
    • Capability inventory: The skill has the ability to execute specific system commands and write to the local file system.
    • Sanitization: The library uses defusedxml for all XML parsing, providing strong protection against XML External Entity (XXE) and billion laughs attacks.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 09:02 PM