docs-docx
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it extracts and processes content from untrusted external Word documents (.docx).
- Ingestion points: The
scripts/parse_docx.pyscript reads the contents of user-provided Word files using thepython-docx,markitdown, anddocx2txtlibraries. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the extracted markdown content as untrusted or to ignore any embedded instructions found within the documents.
- Capability inventory: The script performs file system operations including directory creation (
mkdir) and writing extracted text, tables, and images to files. The resulting markdown artifacts are intended for subsequent consumption by the AI agent. - Sanitization: No sanitization or filtering is performed on the text extracted from the document before it is converted to markdown. If a processed document contains malicious instructions aimed at the AI agent, the agent may follow them when it reads the parsed output.
- [EXTERNAL_DOWNLOADS]: The script
scripts/parse_docx.pyuses theuvpackage manager to manage its environment and dependencies. - It downloads and installs standard document processing libraries:
python-docx,markitdown(a well-known service provided by Microsoft), anddocx2txt.
Audit Metadata