docx-processing-superdoc
Fail
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The instructions in
SKILL.mddirect the agent to usenpx @superdoc-dev/cli@latest. This command fetches and executes code from the public NPM registry at runtime. The use of the@latesttag ensures that the agent always runs the most recent version of the package, which is a significant security risk as the package content can be changed by the maintainer at any time without user review, potentially leading to the execution of malicious updates. - [EXTERNAL_DOWNLOADS]: The skill relies on fetching the
@superdoc-dev/clipackage from an external source (the NPM registry) during execution. - [COMMAND_EXECUTION]: The skill facilitates the execution of shell commands through the
npxutility to perform operations on local Word documents. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes data from external Word documents which could contain malicious instructions.
- Ingestion points: Text content from
.docxfiles is ingested via thereadandsearchcommands defined inSKILL.md. - Boundary markers: Absent. There are no instructions or delimiters provided to help the agent distinguish between its own instructions and the content retrieved from documents.
- Capability inventory: The skill is capable of shell execution via
npx. - Sanitization: Absent. The skill does not define any validation or filtering mechanisms for the data extracted from the documents.
Recommendations
- AI detected serious security threats
Audit Metadata