docx
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes `subprocess.run` to call `soffice` (LibreOffice) for document validation and `git diff` for comparing changes during redlining validation. These operations are essential for the skill's primary function and target well-known, trusted system utilities.
- [DATA_EXPOSURE_&_EXFILTRATION]: Analysis of the Python scripts and XML templates confirms that no sensitive data is accessed or exfiltrated. The implementation consistently uses `defusedxml` for parsing, which is the industry standard for preventing XML-based data exposure vulnerabilities.
- [INDIRECT_PROMPT_INJECTION]: The skill's primary function is to process potentially untrusted DOCX files, which creates an indirect prompt injection surface.
  - Ingestion points: External data enters the agent context through `pandoc` markdown conversion and raw XML unpacking in `ooxml/scripts/unpack.py`.
  - Boundary markers: While explicit boundaries aren't added to the converted text, the agent is instructed to use the output for specific document tasks.
  - Capability inventory: The skill has the ability to read/write files and execute system commands (`soffice`, `git`).
  - Sanitization: The skill effectively sanitizes XML input via the `defusedxml` library. The risk of processing malicious instructions within document text is handled by the agent's core safety layers.
- [PROMPT_INJECTION]: The skill uses clear, technical instructions for document processing. The use of 'MANDATORY - READ ENTIRE FILE' directives is intended to ensure correct syntax usage for complex OOXML operations and does not attempt to bypass agent safety guidelines.
Audit Metadata