docx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The script `ooxml/scripts/pack.py` uses `subprocess.run` to execute the `soffice` (LibreOffice) binary for document validation. This is a legitimate operation for the skill's primary function of processing OOXML files.
  - Evidence: `subprocess.run(["soffice", "--headless", ...])` in `validate_document` function.
  - Security Note: The command is constructed using a list (not a shell string) with a specific, local binary, minimizing risks associated with shell injection.
- [PROMPT_INJECTION] (LOW): The skill presents an indirect prompt injection surface as it processes external, potentially untrusted Office documents provided by the user.
  - Ingestion points: `ooxml/scripts/unpack.py` extracts contents from user-provided Office files.
  - Boundary markers: Absent. The scripts process raw XML files from the document archives.
  - Capability inventory: File system access (`zipfile`, `shutil`), command execution (`soffice`), and XML parsing.
  - Sanitization: The skill uses `defusedxml` in its main processing scripts to mitigate XML-based attacks. However, `ooxml/scripts/validation/docx.py` uses standard `lxml.etree.parse`, which is a best-practice violation regarding XXE (XML External Entity) protection.
- [SAFE] (SAFE): The skill is developed by a trusted author (Anthropic) and performs its stated tasks using industry-standard libraries. No indicators of data exfiltration, obfuscation, or persistence were found.
Audit Metadata