skills/dp-archive/archive/doc/Gen Agent Trust Hub

doc

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [PRIVILEGE_ESCALATION]: The SKILL.md file explicitly instructs the agent to use sudo apt-get install for installing system dependencies like LibreOffice and Poppler-utils. This pattern grants the agent administrative access to the host system.
  • [COMMAND_EXECUTION]: The skill relies on executing external system binaries. SKILL.md provides shell commands for soffice and pdftoppm, while scripts/render_docx.py uses the subprocess module to run these tools programmatically.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted .docx files, which could be used to exploit vulnerabilities in the document parsers or the rendering engine.
      • Ingestion points: The input_path argument in scripts/render_docx.py and the workflow described in SKILL.md define where external document data enters the environment.
      • Boundary markers: The skill does not implement any delimiters or "ignore instructions" guards when reading or processing the content of the documents.
      • Capability inventory: The skill possesses the capability to execute shell commands (via subprocess.run), install system packages (via apt-get), and perform file system operations (writing to output/doc/).
      • Sanitization: While the Python script uses abspath for path normalization, it does not perform any content-level sanitization or validation of the OOXML structure before processing it with ElementTree or LibreOffice.
  • [EXTERNAL_DOWNLOADS]: The documentation guides the agent to download and install several Python packages (python-docx, pdf2image) and system tools from external repositories during setup.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 6, 2026, 01:57 PM