docx-reader

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection. It extracts text from external .docx files and provides it to the agent without using boundary markers or sanitization. If a document contains hidden instructions (e.g., 'ignore previous instructions'), the agent may follow them.
      • Ingestion points: text output from scripts/read_docx.py.
      • Boundary markers: Absent. The agent is not instructed to treat the extracted text as untrusted data.
      • Capability inventory: The agent can execute shell commands (wsl) and read/write files.
      • Sanitization: Absent. The script extracts raw text and table data directly.
  • COMMAND_EXECUTION (LOW): The skill requires the agent to execute a local Python script via the command line. While necessary for functionality, this pattern involves the agent constructing and running shell commands based on user-provided file paths.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:01 PM