docx
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [Command Execution] (LOW): The skill utilizes local shell commands (`pandoc`, `soffice`, `pdftoppm`) for document processing.
  - Evidence: `SKILL.md` and `ooxml/scripts/pack.py` explicitly instruct the agent to execute these commands. The execution uses list-style arguments in Python's `subprocess.run`, which mitigates shell injection risks.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted .docx files and converts them to markdown for the agent to read. This creates a surface where instructions embedded in a document could influence agent behavior.
  - Ingestion points: `pandoc --track-changes=all path-to-file.docx` in `SKILL.md` converts document content into the agent's context.
  - Boundary markers: Absent. The skill does not explicitly instruct the agent to wrap extracted text in delimiters or ignore instructions within the text.
  - Capability inventory: The agent can write files and execute generated Python/JS code, creating a potential path for a successful injection to cause local impact.
  - Sanitization: The skill uses `defusedxml` in `unpack.py` and `pack.py`, which effectively prevents XML-based attacks (XXE).
- [External Downloads] (SAFE): The `SKILL.md` file suggests installing standard packages (`pandoc`, `libreoffice`, `npm install docx`). These are well-known, trusted tools necessary for the skill's primary purpose.
- [Data Exposure] (LOW): The `unpack.py` script uses `zipfile.extractall()`, which may be vulnerable to Path Traversal (ZipSlip) if processing a maliciously crafted .docx file in an unsandboxed environment.
Audit Metadata