skills/netease-youdao/lobsterai/docx/Gen Agent Trust Hub

docx

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Python subprocess module to call external binaries including pandoc, soffice, pdftoppm, and git. These calls are implemented using argument lists rather than shell strings, which is a best practice that prevents command injection. These tools are used for legitimate document processing tasks such as format conversion and change tracking validation.
  • [EXTERNAL_DOWNLOADS]: The skill's documentation provides instructions for installing well-known document processing utilities and libraries (such as LibreOffice and pandoc) from official system repositories and package managers.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes untrusted document data.
    1. Ingestion point: .docx files are unpacked and read via defusedxml.
    2. Boundary markers: No explicit delimiters are used when extracting text content for the agent.
    3. Capability inventory: The skill can write to the filesystem and execute external binaries (soffice, git).
    4. Sanitization: While XML structure is sanitized via defusedxml, the text content itself is presented to the agent as-is.
    This is a low-risk finding inherent to the skill's purpose.
  • [SAFE]: The skill demonstrates a strong security posture by using the defusedxml library for all XML parsing operations, effectively mitigating risks associated with XML External Entity (XXE) attacks. Additionally, the included validation logic ensures that modifications to documents conform to standard OOXML schemas.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 27, 2026, 07:23 AM