docx
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes external system utilities to perform document validation and auditing functions.
  - ooxml/scripts/pack.py: Executes soffice (LibreOffice) in headless mode to convert repacked documents into HTML as a verification step to ensure the output file is not corrupt.
  - ooxml/scripts/validation/redlining.py: Executes git diff with word-level precision to validate that document modifications are properly recorded as tracked changes.
- [PROMPT_INJECTION]: The skill architecture handles untrusted external data (Word documents), establishing an attack surface for indirect prompt injection that is mitigated through technical isolation.
  - Ingestion points: ooxml/scripts/unpack.py and scripts/document.py read and extract the XML structure from user-provided Office files.
  - Boundary markers: The skill instructs the agent to treat document content strictly as XML elements, separating data from instructional logic.
  - Capability inventory: The skill has the capability to write files to the workspace and execute document conversion/diffing tools via subprocess.
  - Sanitization: All XML parsing is initiated using the defusedxml library, which protects against XML External Entity (XXE) and billion laughs attacks.
- [SAFE]: No malicious patterns, data exfiltration, or obfuscation were detected. The skill focuses on standard technical document processing and employs appropriate security measures for its intended use case.
Audit Metadata