docx
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the
defusedxmllibrary for all XML parsing and manipulation tasks, which protects against XML External Entity (XXE) attacks and other XML-based vulnerabilities. - [SAFE]: All command-line interactions are performed using well-known, legitimate document processing tools such as Pandoc, LibreOffice (soffice), Poppler (pdftoppm), and Git. These commands are executed with structured argument lists, preventing shell injection risks.
- [SAFE]: The skill includes extensive validation logic that checks programmatic modifications against official Office Open XML (OOXML) schemas, preventing the creation of corrupt or malicious document structures.
- [SAFE]: Instructions requiring the agent to read entire documentation files are justified by the high technical complexity of the OOXML format and do not constitute an attempt to override safety constraints or ignore system instructions.
Audit Metadata