docx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Category 4: Unverifiable Dependencies & Remote Code Execution (SAFE): The skill executes the local 'soffice' binary via subprocess.run for document validation. This is a functional requirement and uses safe argument passing via a list format.
- Category 8: Indirect Prompt Injection (LOW): The skill handles untrusted OOXML data which could contain malicious payloads for the consuming agent.
  1. Ingestion points: ooxml/scripts/unpack.py (processes office files).
  2. Boundary markers: No explicit delimiters used for extracted content.
  3. Capability inventory: ZIP extraction, file system modification, and binary execution.
  4. Sanitization: Uses 'defusedxml' for XML parsing in main scripts. Zip extraction via extractall() and lxml usage in secondary validation tasks are noted as minor surface risks for ZipSlip and XXE respectively, but are acceptable given the utility's purpose and trusted origin.
Audit Metadata