rhwp-edit
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted HWP documents, which creates a surface for indirect prompt injection where malicious content in a document could attempt to influence the agent's actions during the editing process.
- Ingestion points: HWP/HWPX files are read and analyzed using
k-skill-rhwp info,search, andlist-paragraphscommands. - Boundary markers: The skill does not define explicit delimiters or instructions to ignore potential commands embedded within the processed document content.
- Capability inventory: The agent is instructed to use the
k-skill-rhwpCLI tool to perform file system writes and modifications. - Sanitization: No sanitization or validation of the text content extracted from the HWP files is mentioned before the agent uses it for subsequent commands.
- [COMMAND_EXECUTION]: The workflow relies on the execution of the
k-skill-rhwpCLI tool to perform document modifications and inspections. - [EXTERNAL_DOWNLOADS]: The skill recommends installing the
k-skill-rhwpand@rhwp/corepackages from the npm registry.
Audit Metadata