docx-generator
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, hidden code, or security violations were detected in the skill's instructions or logic.
- [EXTERNAL_DOWNLOADS]: The skill mentions the installation of 'python-docx' via pip in its troubleshooting section. This is a standard, well-known, and trusted library for document manipulation.
- [COMMAND_EXECUTION]: The skill utilizes Python code snippets to interface with the 'python-docx' library. These operations are limited to generating document structures (paragraphs, tables, styles) and are consistent with the skill's stated purpose.
- [DATA_EXFILTRATION]: While the skill handles document content and supports file-writing tools (Write, Read), there are no network operations or patterns indicating that data is being transmitted to external or unauthorized servers.
- [SAFE]: The skill identifies a potential attack surface for indirect prompt injection as it can ingest reference documents via the 'Read' tool. However, it provides clear structures and rules for its output, and no malicious exploitation patterns were found.
- Ingestion points: Reads reference documents and brand guides through the 'Read' tool in 'references/document-generator.md'.
- Boundary markers: None explicitly defined for untrusted document content.
- Capability inventory: File writing (Write), pattern searching (Grep), and file exploration (Glob).
- Sanitization: Not explicitly documented; the skill relies on the underlying agent's standard processing.
Audit Metadata