docx
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes several standard command-line tools (pandoc, unzip, zip, soffice, pdftoppm) to perform document conversion and content extraction. These operations are consistent with the skill's stated purpose of document management.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external .docx files, which represents an attack surface where untrusted data could influence agent behavior.
- Ingestion points: Text extracted from .docx files using pandoc and raw XML data accessed via unzip as described in SKILL.md.
- Boundary markers: No specific delimiters or safety instructions are defined to separate untrusted document content from system prompts.
- Capability inventory: The skill possesses the ability to execute shell commands and write files to the local file system.
- Sanitization: There is no evidence of sanitization, filtering, or validation performed on the text or XML content extracted from the documents.
Audit Metadata