hwpx
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses established Python libraries and standard file operations to perform document processing tasks locally. No malicious obfuscation, persistence, or data exfiltration patterns were identified.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists due to the processing of untrusted document content.
- Ingestion points: Content is read from external HWPX files in
scripts/analyze_template.pyandscripts/text_extract.py. - Boundary markers: Content is extracted and processed based on the OWPML schema without additional isolation markers.
- Capability inventory: The skill enables the agent to execute internal scripts for file modification and ZIP management.
- Sanitization: No specific filtering or escaping is applied to extracted document text, as the primary purpose is document reconstruction.
Audit Metadata