docx-to-md

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE [PROMPT_INJECTION] [NO_CODE]
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to process external Word (.docx) documents, which creates a potential surface for indirect prompt injection where a document could contain hidden instructions to influence agent behavior.
      ◦ Ingestion points: The skill ingests .docx files provided by the user or an external source.
      ◦ Boundary markers: The documentation does not specify the use of delimiters or instructions to ignore instructions embedded within the document content.
      ◦ Capability inventory: The skill executes a local Node.js script (.github/muscles/docx-to-md.cjs) and relies on the pandoc system utility for conversion.
      ◦ Sanitization: No specific sanitization or validation logic for the input document content is described in the provided files.
  • [NO_CODE]: The referenced logic script .github/muscles/docx-to-md.cjs was not included in the provided file set, so its internal implementation could not be audited. Analysis is limited to the markdown instructions and JSON metadata.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 13, 2026, 02:26 AM