docx
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill uses the
defusedxmllibrary for parsing XML content within OOXML structures. This is a critical security measure that protects against XML External Entity (XXE) and billion laughs attacks which are common in document processing utilities. - [COMMAND_EXECUTION]: The skill scripts utilize standard system utilities including
soffice(LibreOffice),git,pandoc, andpdftoppm. These tools are invoked for legitimate purposes such as document conversion to markdown, PDF generation, image extraction, and content diffing. Command arguments are handled using list-based execution insubprocess.run, which minimizes the risk of shell injection. - [EXTERNAL_DOWNLOADS]: Dependencies identified in the documentation (
pandoc,libreoffice,poppler-utils,defusedxml, and thedocxnpm package) are standard, reputable software packages from well-known official repositories. - [SAFE]: The skill implements character escaping (
html.escape) when handling potentially untrusted data like author names, further demonstrating defensive programming practices.
Audit Metadata