docx-format
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The core operational logic in 'SKILL.md' requires the agent to generate arbitrary Python code and execute it on the host system using the 'uv run' command. This pattern is inherently risky because it facilitates arbitrary local command execution if the agent's reasoning is compromised.
- [PROMPT_INJECTION] (HIGH): Significant risk of Indirect Prompt Injection (Category 8). The skill processes untrusted external Word documents, which can influence agent behavior. Evidence:
  1. Ingestion: Scripts 'analyze.py', 'format_academic.py', and 'format_official.py' read files via 'Document()'.
  2. Boundary markers: No delimiters or specific instructions are provided to the agent to treat document content as untrusted data.
  3. Capability: The agent is authorized to write files and execute subprocesses via 'uv run'.
  4. Sanitization: No logic exists to filter or sanitize text extracted from documents before it is processed.
  An attacker could embed malicious instructions in a Word document to hijack the agent's script generation phase.
- [EXTERNAL_DOWNLOADS] (LOW): The skill uses 'uv run --with python-docx', which dynamically fetches the 'python-docx' library from PyPI. While this is a trusted and standard library, the behavior involves automated package fetching at runtime.
- [INFO]: The automated scanner alert for 'run.font.name' is a false positive; 'run.font.name' is a standard API property in the 'python-docx' library used for font formatting, not a malicious domain.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata