moai-document-processing
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface.
  - Ingestion points: The skill processes user-uploaded or external document files (DOCX, PDF, XLSX, PPTX) in multiple scripts, including inventory.py and document.py.
  - Boundary markers: No explicit boundary markers or 'ignore' instructions are used when interpolating document content into prompts or processing it.
  - Capability inventory: The skill has high-privilege tool access, including Bash, file writing, and network fetching (WebFetch).
  - Sanitization: While the skill uses defusedxml to mitigate XML-based attacks such as XXE, it lacks sanitization against malicious natural-language instructions embedded within the processed documents.
- [COMMAND_EXECUTION]: Execution of system utilities.
  - The skill relies on several external CLI tools, such as LibreOffice (soffice), Pandoc, QPDF, and Poppler utilities (pdftoppm), to perform format conversions and calculations. These are invoked via subprocess calls within the Python scripts.
- [REMOTE_CODE_EXECUTION]: Dynamic execution environments.
  - Uses Playwright in html2pptx.js to evaluate rendering logic within a headless browser.
  - Employs LibreOffice Basic macros in recalc.py to perform spreadsheet formula recalculations. These actions are consistent with the skill's primary purpose but represent a dynamic execution surface.
Audit Metadata