docx
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use system-level commands such as
pandocandunzipto extract text and inspect the internal OOXML structure of Word files. - [EXTERNAL_DOWNLOADS]: The workflow suggests installing third-party Python libraries including
python-docxanddocxtplfrom public registries if they are not already available in the environment. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it extracts and processes content from untrusted .docx files. Evidence: 1. Ingestion points: Content is read via
pandocandpython-docxinSKILL.md. 2. Boundary markers: Absent; no instructions are provided to the agent to ignore potential commands within the extracted text. 3. Capability inventory: The skill has access to file-writing capabilities and subprocess execution. 4. Sanitization: Absent; no filtering or validation of the document content is performed before processing.
Audit Metadata