docx
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to process external .docx files provided by users. While this presents an attack surface for indirect injection via document content, the skill effectively mitigates common technical exploits.
- Ingestion points: XML content from unpacked .docx archives is processed in
document.pyandutilities.py. - Boundary markers: The skill relies on programmatic XML parsing rather than raw string interpolation into LLM prompts.
- Capability inventory: File system operations (unzip/pack), subprocess execution for document conversion (
soffice), and diffing (git). - Sanitization: The skill consistently uses
defusedxmlfor XML parsing indocument.py,utilities.py,pack.py, andunpack.py, which is the industry standard for preventing XML External Entity (XXE) and billion laughs attacks. - [COMMAND_EXECUTION]: The skill utilizes
subprocess.runinooxml/scripts/pack.pyto callsofficefor PDF conversion and inooxml/scripts/validation/redlining.pyto callgit difffor change validation. These executions are limited to specific, functional paths and do not accept arbitrary user-controlled shell input. - [EXTERNAL_DOWNLOADS]: Dependencies listed in
SKILL.md(pandoc,libreoffice,poppler-utils,defusedxml,docx) are well-known, established tools from trusted repositories and registries.
Audit Metadata