skills/ggprompts/my-plugins/docx/Gen Agent Trust Hub

docx

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes system binaries such as LibreOffice (soffice), Git, Pandoc, and Poppler (pdftoppm) to handle document conversion, format validation, and text extraction. These operations are performed using Python's subprocess module with argument lists on local files within a temporary workspace.
  • [EXTERNAL_DOWNLOADS]: The skill documentation specifies the installation of standard document processing software and libraries, including Pandoc, LibreOffice, Poppler utilities, and the 'docx' npm package. These are well-known tools sourced from official system and package registries.
  • [SAFE]: The implementation demonstrates security-conscious design by using the 'defusedxml' library for all primary XML parsing and manipulation tasks. This proactively mitigates XML External Entity (XXE) vulnerabilities that could otherwise be exploited via malicious Word documents provided for processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 04:34 AM