wps-word
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes content from active Word documents.
  - Ingestion points: Document metadata and text are retrieved via 'wps_get_active_document', 'getDocumentText', and 'getComments' tools.
  - Boundary markers: No delimiters or protective instructions are defined for processing document content.
  - Capability inventory: High-impact tools available via 'wps_execute_method' include 'openDocument', 'findReplace', and 'insertHyperlink'.
  - Sanitization: No content validation or filtering is specified.
- [COMMAND_EXECUTION]: The skill uses 'wps_execute_method' to perform Word document operations. This tool allows file system interaction via the 'openDocument' and 'insertImage' methods, which accept file paths. These capabilities are consistent with the skill's stated purpose as a productivity assistant and are implemented through the vendor lc2panda's infrastructure.