skills/aresbit/matebot/docx/Gen Agent Trust Hub

docx

Warn

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: MEDIUM

COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: Inclusion of a pre-compiled ELF binary. The file validator/Validator is a compiled executable used during the document validation process. Executing unverified binaries provided within a skill is a security risk.
  • [COMMAND_EXECUTION]: Dynamic code compilation and execution. The build process in scripts/docx compiles and runs C# code written by the agent to Program.cs. This runtime compilation of generated source code is a significant capability surface.
  • [REMOTE_CODE_EXECUTION]: Remote script execution for environment setup. The scripts/docx script downloads and executes a shell script from https://dot.net/v1/dotnet-install.sh to install the .NET SDK. While the source is a trusted service, the pattern of executing remote scripts at runtime is a risk factor.
  • [EXTERNAL_DOWNLOADS]: Fetching external tools and scripts. The skill downloads the .NET installation script and potentially browser binaries through the Playwright package.
  • [PROMPT_INJECTION]: Indirect prompt injection attack surface. The skill ingests untrusted XML data from .docx files in scripts/docx_lib/editing/context.py. It lacks strong boundary markers between user data and instructions, though it uses safe_parse_xml for basic sanitization. Capabilities like dotnet and playwright increase the risk of exploitation if malicious instructions are processed.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 14, 2026, 08:59 AM