docx
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for document processing and follows security best practices throughout its implementation.
- [COMMAND_EXECUTION]: External tools such as `soffice` (LibreOffice) and `git` are called via `subprocess.run` with list-based arguments to perform document conversion and text comparison. These calls are well-restricted to specific tasks related to the skill's primary purpose.
- [SAFE]: XML parsing is handled by the `defusedxml` library, providing protection against XML External Entity (XXE) and expansion attacks.
- [SAFE]: The skill operates entirely within the agent's local workspace or temporary directories, with no evidence of sensitive file access or network-based data exfiltration.
- [SAFE]: Proper XML escaping is implemented when handling user-provided metadata, such as author names, to prevent injection attacks.
Audit Metadata