docx
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill strictly uses the `defusedxml` library for all XML manipulation in `scripts/document.py` and associated scripts, effectively mitigating risks of XML External Entity (XXE) and billion laughs attacks.
- [SAFE]: Command execution is limited to necessary document processing tools (`pandoc`, `soffice`, `pdftoppm`) and is implemented without shell invocation vulnerabilities, using `pathlib` for secure path handling.
- [SAFE]: The skill operates on untrusted document content by design. While this presents a surface for indirect prompt injection, the skill includes a dedicated validation suite (`ooxml/scripts/validation/`) that ensures document integrity and validates the structure of tracked changes against original versions.
Audit Metadata