editing-documents
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill uses Bash to manage a local Python virtual environment and execute the 'fpr_edit.py' script. These operations are transparently documented and strictly confined to the plugin's local directory for the purpose of document processing.
- EXTERNAL_DOWNLOADS (SAFE): The setup process involves 'pip install' for dependencies. The required packages (lxml, pyyaml, click, defusedxml) are reputable and standard in the Python ecosystem. The inclusion of 'defusedxml' is a security best practice that protects against XML External Entity (XXE) vulnerabilities in DOCX files.
- PROMPT_INJECTION (LOW): The skill is subject to Indirect Prompt Injection (Category 8) as it processes user-provided Word documents.
  1. Ingestion points: User-provided DOCX files.
  2. Boundary markers: No explicit markers in the prompt instructions to isolate document content from instructions.
  3. Capability inventory: Bash, Read, and Write access.
  4. Sanitization: The skill documentation mentions 'defusedxml' for XML parsing, but does not specify sanitization for LLM prose evaluation.
- DATA_EXFILTRATION (SAFE): Analysis confirms that all data processing is local. There are no network calls for exfiltration and no hardcoded credentials or sensitive environment access beyond the working directory.
Audit Metadata