doc
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references standard dependencies, python-docx and pdf2image, along with the system utilities LibreOffice and Poppler. It links to the openai/skills repository, which is an established source.
- [COMMAND_EXECUTION]: The bundled script scripts/render_docx.py and the SKILL.md instructions use soffice and pdftoppm for document conversion. The Python script passes list-based arguments to subprocess.run without shell=True, which mitigates shell injection risks.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it ingests and processes untrusted .docx files.
  - Ingestion point: User-provided .docx files processed by python-docx and LibreOffice (scripts/render_docx.py).
  - Boundary markers: Absent; document content is processed directly without explicit isolation from instructions.
  - Capability inventory: subprocess.run execution of system tools, and file system read/write access for rendering and saving documents.
  - Sanitization: The script uses os.path.abspath and os.path.expanduser for path normalization and avoids shell execution for subprocess calls.