docx-official
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes external system utilities including soffice (LibreOffice), git, and pdftoppm. These calls, located in ooxml/scripts/pack.py and ooxml/scripts/validation/redlining.py, are used for document integrity validation and text comparison. The implementation uses command arrays (lists) rather than shell strings, preventing shell injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: Setup instructions recommend installing dependencies from trusted system repositories and official package managers (apt, npm, and pip). These references target well-known technology providers and official registries.
- [DATA_EXPOSURE]: The skill handles user-provided Office documents, which are essentially ZIP archives. The ooxml/scripts/unpack.py script includes explicit security checks to detect and reject unsafe archive members (symlinks and path traversal attempts). Furthermore, all XML processing is performed using the defusedxml library to mitigate XXE risks.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted document content which is eventually exposed to the AI agent's context as markdown or text. This represents a standard indirect prompt injection surface for analysis skills. The risk is managed by treating document content as data rather than executable instructions, alongside the platform's native safety guardrails.
Audit Metadata