Skills
skills/lawvable/agent-skills/docx-processing-lawvable/Gen Agent Trust Hub

docx-processing-lawvable

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands including echo, grep, cat, mkdir, and the code binary to interact with the file system and manage communication with the SuperDoc extension.
  • [DATA_EXPOSURE_&_EXFILTRATION]: The skill reads from and writes to the local file system, specifically accessing document content and creating command/response files in a .superdoc/ directory. No network exfiltration was detected.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it ingests content from external DOCX files which is then processed by the agent.
  • Ingestion points: Document text is read into the agent context via the getText command in SKILL.md.
  • Boundary markers: No specific delimiters or safety instructions are defined to wrap the ingested document content.
  • Capability inventory: The skill has shell execution capabilities (mkdir, echo, grep, code) across its workflow in SKILL.md.
  • Sanitization: No evidence of text sanitization or validation of the document content before agent processing was found.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 10:17 AM