Word Document Handler

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and processes arbitrary user-supplied .docx documents (e.g., the "Text extraction" pandoc conversion and the "Raw XML access" workflow using ooxml/scripts/unpack.py and the validation/redlining flows), so the agent will read and interpret untrusted, third-party document content.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt explicitly instructs running privileged installation commands (e.g., "sudo apt-get install pandoc/libreoffice/poppler-utils"), which asks the agent to perform elevated system changes even though it doesn't create users or modify system configs.