docx
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Employs standard system utilities including
pandoc,LibreOffice(soffice), andpdftoppmfor document conversion, PDF generation, and image rendering. It also usesgitfor character-level diffing during document validation. - [EXTERNAL_DOWNLOADS]: Instructions include the setup of necessary libraries via official package managers including
apt-get,npm, andpipfor tools likepandoc,docx, anddefusedxml. - [INDIRECT_PROMPT_INJECTION]: The skill's primary function involves processing untrusted
.docxfiles, which presents an attack surface for indirect prompt injection. - Ingestion points: Content is read into the agent context through
pandocmarkdown conversion and raw XML extraction from unpacked archives (e.g.,word/document.xml). - Boundary markers: Delimiters for extracted document content are not explicitly defined in the instructions.
- Capability inventory: The skill has access to file system operations and subprocess execution for document processing tasks.
- Sanitization: The implementation uses the
defusedxmllibrary for all XML parsing operations, effectively mitigating XML External Entity (XXE) and other XML-based injection attacks. - [PROMPT_INJECTION]: The instructions contain meta-directives requiring the agent to read full documentation files without pagination to maintain technical context; these are assessed as benign instructional constraints for task performance.
Audit Metadata