docx

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill metadata claims a source of 'anthropics/skills', which is misleading given the actual author context ('hainamchung'). This deceptive metadata could lead to incorrect assumptions regarding the skill's origin and safety.
  • [PROMPT_INJECTION]: The skill's ability to process external document content creates an indirect prompt injection surface. (1) Ingestion points: Document text and XML metadata are extracted via pandoc and unzip (SKILL.md). (2) Boundary markers: No delimiters or isolation instructions are defined to separate document content from agent prompts. (3) Capability inventory: The skill can execute system commands and perform file system writes (SKILL.md). (4) Sanitization: Content is converted into intermediate formats like Markdown without filtering for embedded instructions.
  • [COMMAND_EXECUTION]: The skill utilizes several system utilities (pandoc, unzip, zip, soffice, pdftoppm) for document conversion and manipulation. The use of unzip on untrusted document files presents a potential risk of path traversal if the documents are maliciously crafted.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 03:31 AM