docx
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill creates a significant attack surface for Indirect Prompt Injection by enabling the ingestion of untrusted data from Microsoft Word and Markdown files.
  - Ingestion points: External content enters the agent context through the read_docx function in scripts/docx_utils.py and the MarkdownToDocx converter described in the documentation.
  - Boundary markers: The implementation lacks delimiters or instructions to help the agent distinguish between ingested document content and its own system instructions.
  - Capability inventory: The skill possesses the capability to write and modify files on the local filesystem, which could be leveraged if the agent is manipulated by injected instructions.
  - Sanitization: No sanitization, filtering, or validation is performed on the extracted text before it is presented to the agent.
- DATA_EXFILTRATION (LOW): While the skill's purpose is to facilitate document access, the ability to read arbitrary files from the filesystem could be abused to expose sensitive information if an agent is successfully targeted by a prompt injection attack.
Recommendations
- AI detected serious security threats
Audit Metadata