hwpx-writer
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires external libraries 'python-hwpx' and 'olefile' to manage Korean word processor formats. These dependencies are standard for the skill's primary function and are installed via the Python package manager.
- [COMMAND_EXECUTION]: Multiple Python scripts are included to perform document manipulation, such as 'create_hwpx.py', 'fill_template.py', and 'unpack.py'. these scripts operate on the local file system using standard XML and ZIP handling modules.
- [SAFE]: The skill possesses an indirect prompt injection surface common to document-processing tools. (1) Ingestion points: External content is read through scripts like 'extract_text.py' and 'extract_hwp.py'. (2) Boundary markers: No specific markers or delimiters are used in the script output to isolate extracted document text. (3) Capability inventory: The skill is limited to file reading and writing with no network or administrative capabilities. (4) Sanitization: Extracted text is not sanitized or filtered prior to being returned to the agent context.
Audit Metadata