Skills
NYC
skills/drshailesh88/integrated_content_os/docx/Gen Agent Trust Hub

docx

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The script ooxml/scripts/pack.py uses subprocess.run to execute the soffice (LibreOffice) binary. While arguments are passed as a list to prevent shell injection, executing system binaries is a capability that should be monitored.
  • EXTERNAL_DOWNLOADS (LOW): The skill depends on the presence of soffice on the host system for its validation logic to function, representing an external environmental dependency.
  • PROMPT_INJECTION (LOW): The skill provides a surface for Indirect Prompt Injection (Category 8) by processing untrusted OOXML documents.
  • Ingestion points: ooxml/scripts/unpack.py and ooxml/scripts/validate.py ingest external .docx, .pptx, and .xlsx files.
  • Boundary markers: There are no markers or instructions used to prevent the agent from interpreting text content within the XML files as instructions.
  • Capability inventory: The skill can write to the file system and execute system commands (soffice).
  • Sanitization: The skill uses defusedxml.minidom and lxml.etree to parse XML content, which effectively mitigates XML External Entity (XXE) attacks.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:21 PM