docx
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The
pack.pyscript usessubprocess.runto invokesoffice(LibreOffice) for document validation via headless conversion. This is a local operation with fixed arguments, posing no risk of command injection. - [DATA_EXFILTRATION] (SAFE): No evidence of hardcoded credentials, sensitive file access, or unauthorized network communication was found.
- [PROMPT_INJECTION] (SAFE): The skill templates and scripts contain only structural and functional logic for document processing, with no attempts to influence or override agent instructions.
- [REMOTE_CODE_EXECUTION] (SAFE): All processing is performed locally. The skill explicitly uses the
defusedxmllibrary to mitigate XML External Entity (XXE) vulnerabilities during document parsing.
Audit Metadata