docx

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Python 'subprocess' module to execute local system commands for document processing.
    • Evidence includes calls to 'soffice' (LibreOffice) for document validation and PDF/HTML conversion.
    • Evidence includes calls to 'git' for calculating word-level and character-level differences in document content.
    • These commands are used strictly for the skill's stated purpose and operate on document files within the skill's workspace.
  • [EXTERNAL_DOWNLOADS]: The documentation references several external dependencies required for full functionality.
    • System packages like 'pandoc', 'libreoffice', and 'poppler-utils' are recommended for installation via standard package managers.
    • Programming libraries such as 'docx' (npm) and 'defusedxml' (pip) are used from official registries.
    • These downloads are from trusted organizations and established technology providers.
  • [PROMPT_INJECTION]: The skill instructions include directives for the model to read documentation files in their entirety without range limits. While strongly worded, these instructions serve to ensure the model has sufficient technical context for complex OOXML manipulation and do not attempt to bypass safety filters.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 01:14 AM