skills/answerzhao/agent-skills/docx/Gen Agent Trust Hub

docx

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Flagged: PROMPT_INJECTION
Full Analysis
  • [DATA_EXPOSURE] (SAFE): The skill uses 'defusedxml' in pack.py and unpack.py to protect against XML External Entity (XXE) and Billion Laughs attacks during document processing.
  • [COMMAND_EXECUTION] (SAFE): Subprocess calls to soffice are used for document validation. These calls use list-based arguments and static filter names, preventing shell injection vulnerabilities.
  • [PROMPT_INJECTION] (LOW): Detected an indirect prompt injection surface.
      1. Ingestion points: zipfile extraction and XML parsing in unpack.py and docx.py.
      2. Boundary markers: Absent.
      3. Capability inventory: File write access and subprocess execution (soffice).
      4. Sanitization: High-quality sanitization using defusedxml is applied to XML content before it is used by the skill.
  • [DATA_EXFILTRATION] (SAFE): No hardcoded credentials or unauthorized network communication patterns were identified.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:19 PM