word-documents

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The create_word_document and modify_word_document tools allow the execution of arbitrary Python code provided as a string parameter. This allows the agent to perform any action permitted by its local Python environment beyond document manipulation.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks because it lacks safeguards for the code it executes.
  • Ingestion points: The python_code parameter in document creation and modification tools.
  • Boundary markers: None identified. The skill does not provide instructions to the agent to sanitize or ignore instructions embedded in the data being formatted into Word documents.
  • Capability inventory: The skill uses Python with access to libraries like pandas and numpy. Without explicit sandboxing, this includes the ability to perform file system operations and potentially network requests.
  • Sanitization: There is no validation or filtering of the python_code input to ensure it only performs document-related tasks.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 01:46 AM