doc

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The helper script scripts/render_docx.py utilizes subprocess.run to call system utilities like soffice (LibreOffice) and pdftoppm. These calls are implemented using list-based arguments rather than shell strings, which effectively prevents command injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The skill references several standard dependencies including the python-docx and pdf2image Python packages, as well as libreoffice and poppler-utils system packages. These are well-known, legitimate tools for document conversion and manipulation.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process external .docx files, creating an attack surface for indirect prompt injection. If a processed document contains malicious instructions, the agent might inadvertently follow them during the rendering or review phase.
      • Ingestion points: scripts/render_docx.py parses the OOXML structure of Word documents from zip archives.
      • Boundary markers: No explicit delimiters are used in the instructions to separate document content from agent instructions.
      • Capability inventory: The skill can execute local rendering commands and write files to the output directory.
      • Sanitization: The script uses path normalization and reads specific, expected components from the DOCX structure.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 1, 2026, 05:08 PM