requirements-docx
Warn
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION]: The workflow involves generating a JavaScript file in a temporary directory and executing it using the node runtime. Additionally, it suggests user-side execution of soffice and pdftoppm commands for document verification.
- [REMOTE_CODE_EXECUTION]: The skill implements dynamic code generation where content extracted from user-provided Markdown files (such as requirement titles and descriptions) is interpolated into a script that is then executed. This pattern creates a potential vulnerability surface where malicious input within the requirements document could attempt to inject code that would then be executed on the host system during the node execution phase.