docx-processing-openai
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill provides shell templates for soffice and pdftoppm that use unquoted, unsanitized variables such as $INPUT_DOCX and $OUTDIR. Because the agent substitutes values into the template text and then runs it through a shell, a file with a malicious name (e.g., ";touch_exploit;" .docx) is parsed as shell syntax rather than as a path, which can lead to arbitrary command execution on the host system.
- [PROMPT_INJECTION] (HIGH): This skill is highly susceptible to indirect prompt injection. It instructs the agent to read and 'visually inspect' external DOCX files and then perform edits based on those results. A malicious document could contain hidden or visible instructions that trick the agent into performing unauthorized file modifications, exfiltrating data, or disregarding its safety guidelines during the 'render-inspect-fix' loop.
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires pip install python-docx. While python-docx is a widely used third-party package and the metadata claims 'OpenAI' as the author (a trusted source), runtime package installation remains a supply chain risk factor unless the version and its hash are pinned. Per [TRUST-SCOPE-RULE], this is rated LOW as the package is well-known.
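The unquoted-variable pattern from the COMMAND_EXECUTION finding, as an added example that is not the skill's own template text: a string-substituted soffice call reproduced with eval, beside a hardened wrapper that quotes every expansion and validates the input path before anything runs. RENDER_CMD is a hypothetical hook that defaults to echo so the script runs where LibreOffice and poppler are not installed; the malicious filename is constructed for the demo.

```shell
#!/bin/sh
# Added example, not the skill's own templates: the string-substituted render
# command beside a hardened wrapper for the soffice / pdftoppm step.
# RENDER_CMD is a hypothetical hook; it defaults to echo so the script runs
# where LibreOffice and poppler are absent. Filenames below are constructed.

RENDER_CMD=${RENDER_CMD:-echo}

# Unsafe: the agent substitutes values into the template text and hands the
# resulting string to a shell. eval reproduces that; anything in the filename
# that is shell syntax (; | $( ) #) is parsed as such.
unsafe_render() {
    INPUT_DOCX=$1
    OUTDIR=$2
    eval "$RENDER_CMD soffice --headless --convert-to pdf --outdir $OUTDIR $INPUT_DOCX"
}

# Hardened: no eval, every expansion double-quoted so each value reaches the
# tool as a single argv element, an extension and regular-file check before
# anything runs, and a ./ prefix on relative paths so a name that starts with
# '-' cannot be parsed as an option. Returns 2 when the input is rejected.
safe_render() {
    input=$1
    outdir=$2
    case $input in
        *.docx) ;;
        *) printf 'refusing %s: not a .docx path\n' "$input" >&2; return 2 ;;
    esac
    if [ ! -f "$input" ]; then
        printf 'refusing %s: not a regular file\n' "$input" >&2
        return 2
    fi
    case $input in /*) ;; *) input=./$input ;; esac
    case $outdir in /*) ;; *) outdir=./$outdir ;; esac
    mkdir -p -- "$outdir" || return 1
    base=${input##*/}
    pdf=$outdir/${base%.docx}.pdf
    "$RENDER_CMD" soffice --headless --convert-to pdf --outdir "$outdir" "$input" &&
    "$RENDER_CMD" pdftoppm -png -r 80 "$pdf" "$outdir/page"
}

# Demo: a constructed filename carrying a variable assignment and a comment.
# With the unsafe template the assignment executes in the calling shell; with
# the wrapper the whole name stays data.
demo() {
    work=$(mktemp -d)
    name='report; MARK=injected #.docx'
    : > "$work/$name"
    MARK=clean
    unsafe_render "$work/$name" "$work/out" >/dev/null
    printf 'unsafe template:  MARK=%s\n' "$MARK"
    MARK=clean
    safe_render "$work/$name" "$work/out" >/dev/null
    printf 'hardened wrapper: MARK=%s\n' "$MARK"
    rm -rf -- "$work"
}

demo
```

Quoting closes the shell-injection path only: the document's contents still reach the model during the render-inspect-fix loop, which is the separate PROMPT_INJECTION finding above.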
Recommendations
- AI detected serious security threats