Gen Agent Trust Hub audit: docx (skills/ameen-alam/ai-400-class/docx)

Result: Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill inherently processes external document data, which serves as a structural surface for indirect prompt injection.
  • Ingestion points: Document text is extracted via 'pandoc' conversion to markdown or directly read from XML files within the .docx archive using the provided 'Document' library.
  • Boundary markers: The current instructions do not mandate specific protective delimiters when the agent processes extracted text, though they emphasize professional document review contexts.
  • Capability inventory: The skill can execute system utilities ('soffice', 'git', 'pdftoppm') and perform file-write operations to save document modifications.
  • Sanitization: The skill uses 'defusedxml' for all XML parsing to mitigate XXE risks and provides methods to escape metadata such as author names.
  • [COMMAND_EXECUTION]: The skill relies on several system utilities to perform document conversions and structural comparisons.
  • Evidence: It executes 'pandoc' for text structures, 'LibreOffice' ('soffice') for PDF/HTML conversion and validation, 'git diff' for redlining analysis, and 'pdftoppm' for image generation.
  • Safety: All external commands are invoked using 'subprocess.run' with list-based arguments, which effectively prevents shell injection. Command usage is strictly limited to the documented document manipulation tasks.
  • [SAFE]: The skill includes well-structured Python and JavaScript workflows for programmatic document generation.
  • Context: It generates local scripts based on user requirements using the 'docx' (Node.js) and custom 'Document' (Python) libraries.
  • Security: No code is downloaded from untrusted remote sources at runtime, and all dependencies are standard industry tools.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 04:44 AM