docx-format-replicator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- SAFE (SAFE): Technical analysis of 'extract_format.py' and 'generate_document.py' shows legitimate use of the zipfile and ElementTree libraries to handle OOXML document structures. No code obfuscation, persistence mechanisms, or unauthorized file access patterns were found.
- EXTERNAL_DOWNLOADS (SAFE): The skill's only dependency is 'python-docx', which is a standard library for Word document manipulation. No remote code execution (RCE) patterns such as piped shell commands or dynamic downloads from untrusted URLs were identified.
- PROMPT_INJECTION (SAFE): The skill possesses an indirect prompt injection surface as it ingests untrusted Word templates and JSON data. However, there is no evidence of instructions attempting to bypass agent safety or execute code from the input. 1. Ingestion points: 'extract_format.py' (docx input) and 'generate_document.py' (JSON input). 2. Boundary markers: Absent. 3. Capability inventory: Local file read and 'python-docx' document saving. 4. Sanitization: Standard XML parsing via ElementTree.
Audit Metadata