wps-office
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and processing data from external WPS files (Word, Excel, and PowerPoint).
- Ingestion points: The agent reads untrusted data using tools such as
wps_word_get_document_text,wps_excel_read_range, andwps_ppt_get_slide_infoas described inSKILL.md. - Boundary markers: Absent. There are no instructions or delimiters defined to help the agent distinguish between the developer's instructions and potentially malicious instructions embedded within the documents it processes.
- Capability inventory: High. The skill has the ability to write to files (
wps_word_insert_text,wps_excel_write_range), perform format conversions (wps_convert_format), and manage applications, which could be abused if an injected instruction is followed. - Sanitization: Absent. Content read from files is not validated or sanitized before being processed or used to influence subsequent agent actions.
Audit Metadata