docx
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to use
sudofor system-level software installation, which constitutes a privilege escalation risk. - [PROMPT_INJECTION]: The skill includes instructions such as 'MANDATORY
- READ ENTIRE FILE' and 'NEVER set any range limits when reading this file', which are attempts to override the agent's default operational logic and resource constraints.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it ingests untrusted data from .docx files (ingestion point: SKILL.md) and lacks explicit boundary markers to prevent the agent from following instructions embedded in documents. The skill has significant capabilities including subprocess execution via pandoc, libreoffice, and python (capability inventory: SKILL.md), though it identifies
defusedxmlas a sanitization dependency (sanitization: SKILL.md). - [EXTERNAL_DOWNLOADS]: The skill downloads and installs standard, well-known libraries
docxanddefusedxmlfrom public registries. - [NO_CODE]: The skill references multiple external files and scripts (e.g.,
ooxml/scripts/unpack.py,ooxml.md,docx-js.md) that are not provided in the skill package, making their security properties and logic unverifiable.
Recommendations
- AI detected serious security threats
Audit Metadata