wps-word
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an Indirect Prompt Injection surface by processing untrusted data from Word documents. \n- Ingestion points: The skill utilizes
wps_get_active_document,getDocumentText,getComments, andgetBookmarks(viawps_execute_method) to read content from the active document into the agent's context. \n- Boundary markers: The instructions do not define clear delimiters or include warnings for the AI to ignore instructions embedded within the ingested document text. \n- Capability inventory: The agent has extensive permissions to modify documents, includinginsertText,findReplace,setFont, and high-privilege operations likeopenDocumentfor local file access andinsertHyperlink. \n- Sanitization: There is no evidence of content sanitization or validation performed on the data retrieved from the document before it is processed by the AI.
Audit Metadata