skills/lc2panda/wps-mcp/wps-word/Gen Agent Trust Hub

wps-word

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes 24 MCP tools to control the local WPS Office environment, including capabilities to open documents by file path (wps_word_open_document), insert images from local paths (wps_word_insert_image), and perform extensive text and formatting modifications.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted text from external Word documents. Evidence: (1) Ingestion points: The wps_word_get_document_text tool retrieves document content into the agent's context; (2) Boundary markers: Absent, as the instructions do not specify how to distinguish document content from agent instructions; (3) Capability inventory: 24 MCP tools for file manipulation, document editing, and formatting; (4) Sanitization: Absent, with no validation or filtering performed on the ingested text.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 22, 2026, 12:54 AM