docx
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consistently employs the defusedxml library for parsing and manipulating XML content across its Python scripts. This measure effectively mitigates risks associated with XML External Entity (XXE) attacks and other XML-based vulnerabilities.
- [COMMAND_EXECUTION]: The skill utilizes the subprocess module to execute external utilities including pandoc, soffice (LibreOffice), pdftoppm, and git. These tools are used for legitimate document processing tasks such as structure extraction, PDF/image conversion, and change validation. Execution is performed on local temporary files, minimizing risk.
- [PROMPT_INJECTION]: Instructions in the markdown documentation include directives such as 'MANDATORY - READ ENTIRE FILE' and 'NEVER set any range limits'. These are technical instructions designed to ensure the AI agent has full context for complex document structure rules, rather than attempts to bypass safety filters or ignore prior instructions.
- [SAFE]: As a tool that ingests and processes user-provided Word documents, the skill has an inherent surface for indirect prompt injection via document content. However, the skill implements structural validation and metadata sanitization, and its logic is focused on container manipulation rather than autonomous execution of document-based commands.
Audit Metadata