hwp-text-replacer
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE] (INFO): The skill's implementation logic is stored in an external local file (hwp_generator/core/hwp_text_replacer_v2.py) which is not provided for review. The analysis is limited to the documentation and usage examples.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. Ingestion points: External HWP/HWPX files loaded as templates via the HWPTextReplacerV2 class. Boundary markers: None identified in the provided instructions; the agent is expected to process the file content as data. Capability inventory: The skill performs file system read and write operations (save method). Sanitization: No evidence of sanitization for incoming document content. Risk: Processing external documents is an inherent risk vector for indirect prompt injection if the agent subsequently interprets document content as instructions.
Audit Metadata