shmtu-word-formatter
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices for its intended use case. Its operations are transparent and match the described functionality.
- [DATA_EXFILTRATION]: The skill interacts with the local file system to process documents.
- Evidence: `scripts/format_word.py` reads input data from user-specified paths and writes the formatted document to a target output path using `doc.save()`.
- Context: This behavior is the primary function of the skill. No code was found that attempts to send data to external servers or access sensitive system paths.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes content from external documents.
- Ingestion points: The `load_document` function in `scripts/format_word.py` reads content from `.docx`, `.txt`, and `.md` files.
- Boundary markers: Not present.
- Capability inventory: The skill can write files to the disk but does not have network access or the ability to execute system commands.
- Sanitization: The script treats the ingested text as literal strings for font and paragraph styling and does not pass the content to an evaluator or shell.
Audit Metadata