word-document
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill defines tools for extracting text, analyzing structure, and searching content within Word documents, creating an attack surface where malicious instructions embedded in documents could influence the agent's behavior.
  - Ingestion points: File SKILL.md documents tools such as `mcp_word-document_extract_text`, `mcp_word-document_find_text`, `mcp_word-document_get_structure`, and `mcp_word-document_get_metadata` which read data into the agent's context.
  - Boundary markers: The skill documentation lacks instructions for implementing delimiters or "ignore embedded instructions" warnings when processing document content.
  - Capability inventory: The skill includes powerful capabilities such as document creation (`create_document`), copying (`copy_document`), image insertion (`insert_image`), and PDF conversion (`convert_to_pdf`) that could be targeted by an injection attack.
  - Sanitization: There is no evidence of sanitization, validation, or filtering of the content extracted from external documents.
Audit Metadata