docx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [DATA_EXPOSURE] (SAFE): The skill uses 'defusedxml' in pack.py and unpack.py to protect against XML External Entity (XXE) and Billion Laughs attacks during document processing.
- [COMMAND_EXECUTION] (SAFE): Subprocess calls to soffice are used for document validation. These calls use list-based arguments and static filter names, preventing shell injection vulnerabilities.
- [PROMPT_INJECTION] (LOW): Detected an indirect prompt injection surface.
  1. Ingestion points: zipfile extraction and XML parsing in unpack.py and docx.py.
  2. Boundary markers: Absent.
  3. Capability inventory: File write access and subprocess execution (soffice).
  4. Sanitization: High-quality sanitization using defusedxml is applied to XML content before it is used by the skill.
- [DATA_EXFILTRATION] (SAFE): No hardcoded credentials or unauthorized network communication patterns were identified.