office
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill is designed to process external data for document generation, creating a significant attack surface.
  - Ingestion points: Step 6 ('Add Data Binding') explicitly handles template variables and data iteration for tables/lists from external sources.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands within the ingested data are defined.
  - Capability inventory: The generated code has the capability to write files (Office formats), perform network requests (fetching images from URLs in Step 5), and is intended for execution via 'npx tsx'.
  - Sanitization: There are no requirements for escaping or validating external content before it is interpolated into the generated source code.
- [Dynamic Code Generation] (MEDIUM): The core purpose of the skill is to generate and execute TypeScript code. While this is the intended functionality, generating executable code based on potentially untrusted data binding (Step 6) without strict sanitization is a known risk for code injection.
- [External Dependencies] (LOW): The skill relies on external npm packages (docx, xlsx, pdf-lib, pptxgenjs). While these are well-known and standard libraries, they are downloaded at runtime during the generation process (Step 7), which constitutes an external dependency risk.
Audit Metadata