skills/kang-chen/agent-skills/docx/Gen Agent Trust Hub

docx

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes local system utilities to perform document processing and validation tasks.
      • ooxml/scripts/pack.py: Invokes soffice (LibreOffice) in headless mode to validate documents by converting them to HTML.
      • ooxml/scripts/validation/redlining.py: Uses git diff to perform character-level comparisons between original and modified document text.
      • SKILL.md: Instructs the agent to use pandoc for text extraction, soffice for PDF conversion, and pdftoppm for image generation.
  • [PROMPT_INJECTION]: The skill processes external document files, which presents a surface for indirect prompt injection attacks (Category 8).
      • Ingestion points: Untrusted content is read from .docx, .pptx, and .xlsx files during the unpacking and editing processes (ooxml/scripts/unpack.py, scripts/document.py).
      • Boundary markers: The skill does not programmatically wrap extracted document text in delimiters or provide explicit instructions to ignore embedded commands.
      • Capability inventory: The skill possesses file system write permissions (doc.save) and the ability to execute external binaries (soffice, git).
      • Sanitization: The skill employs defusedxml for secure XML parsing to prevent XML External Entity (XXE) vulnerabilities and applies html.escape to metadata such as author names.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 08:45 PM