docx
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implementation follows security best practices, such as using the defusedxml library for all XML parsing operations to mitigate risks like XXE attacks. No malicious patterns, obfuscation, or unauthorized data exfiltration attempts were detected.
- [COMMAND_EXECUTION]: The skill utilizes legitimate system utilities including soffice, pandoc, git, and pdftoppm via the subprocess module. These tools are used for intended document-processing functions such as format conversion, text extraction, and comparison of tracked changes. All command execution is performed on local files within the agent's workspace and utilizes standard, well-defined arguments.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its function of processing external document data.
  - Ingestion points: Document content enters the agent's context through pandoc conversion to markdown (referenced in SKILL.md) and direct XML inspection via the XMLEditor class (scripts/utilities.py).
  - Boundary markers: Content is handled structurally through DOM manipulation; while explicit prompt delimiters are not shown in the provided scripts, the workflows emphasize incremental and managed edits.
  - Capability inventory: The skill can execute local system commands (soffice, git, pdftoppm) and perform filesystem operations (read/write) on document components.
  - Sanitization: The skill consistently employs defusedxml in scripts/document.py, scripts/utilities.py, and ooxml/scripts/pack.py to prevent XML-based attacks.
Audit Metadata