skills/azeem-2/hackthonii/docx/Gen Agent Trust Hub

docx

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted text data from external .docx files using pandoc for conversion into markdown. This creates a surface for indirect prompt injection, where a document could contain instructions designed to manipulate agent behavior. Ingestion occurs during the text extraction phase (SKILL.md). The evidence chain shows ingestion of untrusted data without explicit boundary markers or sanitization, combined with capabilities for file writing and command execution (document.py, pack.py).
  • [COMMAND_EXECUTION]: System utilities including soffice (LibreOffice), git diff, and poppler-utils are used for document repacking, validation, and image conversion. These commands are executed via subprocess on local files within a controlled temporary directory (pack.py, redlining.py, SKILL.md).
  • [EXTERNAL_DOWNLOADS]: The skill specifies installation of several external dependencies such as pandoc, libreoffice, and the docx NPM library from official system repositories and trusted package registries (SKILL.md).
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 11:04 AM