docx
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- System Utility Integration: The skill utilizes established tools like Pandoc, LibreOffice, and Poppler for document conversion and image generation. These are standard system utilities for document processing.
- Dynamic Script Generation: The skill coordinates document modifications by generating and executing Python and JavaScript scripts. This is the primary method for handling complex OOXML structures and is used within the scope of document editing.
- Dependency Management: The skill identifies and requires standard, well-known packages from official public registries and system package managers.
- Untrusted Data Processing: The skill processes user-provided .docx files, which represents a standard indirect prompt injection surface for document analysis tools. It identifies the use of the defusedxml library to help mitigate common XML-based vulnerabilities.
- Administrative Configuration: The instructions for setting up the skill include the use of package managers that require administrative privileges for initial dependency installation.
Audit Metadata