wps-word-automation
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill reads text content from Word and WPS documents via the
readcommand inscripts/wps_word_automation.py. This text is returned to the agent without sanitization, creating a surface for indirect prompt injection if the document contains malicious instructions intended to override agent behavior. - Ingestion points: Document text is read using
doc.Content.Textinscripts/wps_word_automation.py. - Boundary markers: The script provides no delimiters or explicit instructions to the agent to disregard instructions embedded within the document content.
- Capability inventory: The skill has capabilities to read/write local files and control document structure/formatting.
- Sanitization: No filtering or validation is performed on the extracted text before it is returned to the agent.
Audit Metadata