docx
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes external CLI tools including `soffice` (LibreOffice), `pandoc`, `pdftoppm`, and `git` to perform document conversion, image extraction, and tracked changes validation. These executions are constrained to the intended functionality of document processing and validation.
- [EXTERNAL_DOWNLOADS]: The documentation instructs the user to install standard third-party dependencies such as `pandoc`, `libreoffice`, `poppler-utils`, and the `docx` NPM package. These are well-known, reputable tools required for the skill's primary purpose.
- [SAFE]: The skill prioritizes security by using the `defusedxml` library for XML parsing operations in its Python scripts (`document.py`, `utilities.py`, `unpack.py`, `pack.py`), which effectively mitigates XML External Entity (XXE) injection risks when processing untrusted document files.
Audit Metadata