hwpx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill provides the capability to ingest, read, and modify existing HWPX files as demonstrated in the evaluation scenarios.
  - Ingestion points: The agent is prompted to open and modify existing files (e.g., `assets/report-template.hwpx` in `evals/evals.json`).
  - Boundary markers: Absent. There are no explicit instructions or delimiters used to separate user instructions from potentially malicious content embedded within the HWPX document body.
  - Capability inventory: The skill possesses file write capabilities and XML manipulation via `scripts/fix_namespaces.py` (using `zipfile` and `os.replace`).
  - Sanitization: No sanitization or validation of the text content within the HWPX files is performed before the agent processes or edits them.
- Unverifiable Dependencies (SAFE): The documentation references the `python-hwpx` library. While this is an external dependency, it is used for its primary intended purpose and no malicious installation or remote execution patterns were found.
Audit Metadata