docx
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: All XML parsing in 'document.py', 'utilities.py', 'pack.py', and 'unpack.py' goes through the 'defusedxml' library rather than the standard library's 'xml' parsers. With its default settings, 'defusedxml' refuses documents that declare entities or reference external resources, which blocks XML External Entity (XXE) injection and entity-expansion ("XML bomb") denial of service.
- [SAFE]: External command-line tools (pandoc, soffice, git, pdftoppm) are invoked through subprocess with argument lists rather than shell command strings, so caller-controlled values such as file names reach the tool as single arguments and are never interpreted by a shell; this prevents shell command injection.
- [SAFE]: Validation logic in 'validate.py' and 'base.py' runs as part of the workflow and checks that any document modification still conforms to the OOXML schemas and preserves the original formatting.
- [SAFE]: All identified dependencies (pandoc, docx, libreoffice, poppler-utils, defusedxml, lxml) are well-known, widely used tools obtained from established public registries.
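The following is an added example, not code from the audited skill, illustrating what the first finding (defusedxml in place of the stdlib parsers) protects against. It builds two constructed payloads, a small entity-expansion bomb and an external-entity (XXE) reference, and runs them through the unguarded stdlib parser and through a parser that refuses any entity declaration. The guard uses only the standard library and reproduces the check defusedxml installs by default (its forbid_entities / forbid_external options), so it runs without defusedxml installed; real code should use defusedxml itself rather than this re-implementation. The docx-like zip, the part names and the scan_package helper are assumptions that mirror the shape of a pack/unpack check, not the skill's own code.

```python
"""Entity bomb and XXE payloads against an unguarded parser and an entity-forbidding one.

Added example (not from the audited docx skill).  Standard library only; the
guard mirrors defusedxml's default behaviour of rejecting entity declarations.
"""
import io
import xml.etree.ElementTree as ET
import xml.parsers.expat
import zipfile

# Constructed payloads, not taken from any real document.
# The bomb is kept tiny on purpose: 3 levels x 4 references = 64 copies of "lol".
# Real attacks nest ~10 levels x 10 references for ~10^10 expansions.
XML_BOMB = (
    '<?xml version="1.0"?>'
    "<!DOCTYPE doc ["
    '<!ENTITY lol "lol">'
    '<!ENTITY lol1 "&lol;&lol;&lol;&lol;">'
    '<!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;">'
    '<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;">'
    "]>"
    "<doc>&lol3;</doc>"
)

# XXE: an external general entity that a resolving parser would read from disk.
XXE = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE doc [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    "<doc>&xxe;</doc>"
)

CLEAN = "<doc>hello</doc>"


class EntitiesForbidden(ValueError):
    """Raised as soon as a document declares any entity (same idea as defusedxml's error)."""


def parse_unguarded(data: str) -> str:
    """Plain stdlib ElementTree: every internal entity is expanded in full."""
    return ET.fromstring(data).text or ""


def parse_guarded(data: str) -> str:
    """Return the character data of `data`, refusing any entity declaration.

    expat calls EntityDeclHandler for each <!ENTITY ...> in the DTD, before any
    reference to it is expanded, so raising there stops both the bomb and the
    external lookup up front.
    """
    chunks = []

    def forbid_entity(name, is_parameter, value, base, system_id, public_id, notation):
        raise EntitiesForbidden(f"entity declaration forbidden: {name!r}")

    parser = xml.parsers.expat.ParserCreate()
    parser.EntityDeclHandler = forbid_entity
    parser.CharacterDataHandler = chunks.append
    parser.Parse(data, True)
    return "".join(chunks)


def build_docx_like(parts: dict) -> bytes:
    """Constructed stand-in for a .docx: a zip archive of XML parts (assumption)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, xml_text in parts.items():
            zf.writestr(name, xml_text)
    return buf.getvalue()


def scan_package(package: bytes) -> dict:
    """Parse every XML part of a docx-like zip with the guarded parser.

    Maps part name -> "ok" or "rejected".  This is the shape of the check an
    unpack step can make (a docx is a zip of XML parts), not the skill's code.
    """
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        for name in zf.namelist():
            if not name.endswith((".xml", ".rels")):
                continue  # binary parts such as images are not XML
            try:
                parse_guarded(zf.read(name).decode("utf-8"))
                verdicts[name] = "ok"
            except EntitiesForbidden:
                verdicts[name] = "rejected"
    return verdicts


def run_checks() -> dict:
    """Outcomes of the constructed payloads against both parsers."""
    results = {"unguarded_bomb_chars": len(parse_unguarded(XML_BOMB))}
    for label, payload in (("bomb", XML_BOMB), ("xxe", XXE)):
        try:
            parse_guarded(payload)
            results["guarded_" + label] = "accepted"
        except EntitiesForbidden:
            results["guarded_" + label] = "rejected"
    results["guarded_clean"] = parse_guarded(CLEAN)
    results["package"] = scan_package(build_docx_like({
        "[Content_Types].xml": CLEAN,
        "word/document.xml": XML_BOMB,
        "word/media/image1.png": "not xml",
    }))
    return results


if __name__ == "__main__":
    for key, value in run_checks().items():
        print(key, "=>", value)
```

The unguarded parser silently turns the 64-reference bomb into 192 characters of text; scaling the same document to ten levels would exhaust memory before the caller ever sees an element. The guarded parser never gets that far, because the rejection happens at the declaration, and the same holds for the XXE payload, whose file:// reference is never resolved. Note that defusedxml's guard covers the parsers it wraps; lxml, also listed as a dependency, has its own resolve_entities setting and should be checked separately if it is used to parse untrusted parts.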
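As an added example for the second finding (argument lists instead of shell strings), and not code from the skill, the block below runs the same caller-supplied file name both ways and shows the difference, together with the caveat a practitioner should keep in mind: an argument list stops the shell from parsing the value, but the tool still receives it, so a name that begins with "-" can be read as an option. The file names are constructed, `echo` stands in for pandoc/soffice/pdftoppm so the block runs on any POSIX system, and as_positional_path is a hypothetical helper, not something the skill provides.

```python
"""Shell-string versus argument-list invocation, and option injection.

Added example, not the skill's code.  `echo` stands in for the real tools.
"""
import subprocess


def run_shell_string(filename: str) -> str:
    """The pattern the audit says the skill avoids: a shell parses the whole string."""
    completed = subprocess.run(
        f"echo {filename}", shell=True, capture_output=True, text=True, check=True
    )
    return completed.stdout


def run_arg_list(filename: str) -> str:
    """The pattern the audit found: argv is handed to the program directly."""
    completed = subprocess.run(
        ["echo", filename], capture_output=True, text=True, check=True
    )
    return completed.stdout


def as_positional_path(path: str) -> str:
    """Keep a caller-supplied relative path from being parsed as an option.

    Argument lists defeat the shell, but the tool still sees the value: a name
    such as "-o" or "--lua-filter=x" would be taken as a flag by pandoc.  A
    relative name starting with "-" is prefixed with "./", which names the same
    file but can no longer begin an option.  Tools that honour "--" can take
    that instead.  (Hypothetical helper for this example.)
    """
    return "./" + path if path.startswith("-") else path


def demo() -> dict:
    """Constructed inputs: an injection attempt and a flag-like file name."""
    tricky = "report.docx; echo INJECTED"
    return {
        # shell string: the ";" ends the command and a second one runs
        "shell_string": run_shell_string(tricky),
        # argument list: the whole string is one literal argument
        "arg_list": run_arg_list(tricky),
        # argument list still lets "-n" act as echo's own option
        "flag_like_raw": run_arg_list("-n"),
        # prefixed with "./" it is just a file name again
        "flag_like_guarded": run_arg_list(as_positional_path("-n")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

With the shell string, "INJECTED" appears on its own line because the shell executed a second command; with the list, the tool only ever sees the literal file name. The "-n" case is the residual risk: the list form cannot tell the tool that a value is data rather than an option, so paths that come from a user or from document content should be normalised (or the tool's "--" separator used) before they are placed in argv.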
Audit Metadata