docx-offline
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses subprocess.run in ooxml/scripts/pack.py and ooxml/scripts/validation/redlining.py to execute soffice (LibreOffice) and git for document validation and generating revision diffs. These operations are performed using statically defined command strings.
- [EXTERNAL_DOWNLOADS]: README.md provides installation instructions using npx openskills and references to the author's miscellany repository on GitHub. It also suggests installing standard packages like pandoc, libreoffice, and the docx Node.js library.
- [SAFE]: The skill mitigates XML External Entity (XXE) vulnerabilities by using the defusedxml library for all XML parsing operations. Metadata like author names are correctly escaped using html.escape in scripts/document.py. The Indirect Prompt Injection (Category 8) surface is well-managed: 1. Ingestion points: ooxml/scripts/unpack.py and scripts/document.py ingest XML content from DOCX files. 2. Boundary markers: The skill focuses on structural XML manipulation rather than natural language interpretation of document content. 3. Capability inventory: subprocess.run and local file writes. 4. Sanitization: Use of defusedxml and html.escape.
Audit Metadata