docx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted Office documents. While it uses
defusedxmlto prevent XXE, the resulting text could influence agent behavior. \n- Ingestion points:ooxml/scripts/unpack.pyandooxml/scripts/validate.py. \n- Boundary markers: Absent. \n- Capability inventory: File system access, zip manipulation, andsofficeexecution. \n- Sanitization: Employsdefusedxmlto mitigate XML-based vulnerabilities. \n- Command Execution (SAFE): Usessubprocess.runwith argument lists for LibreOffice validation, avoiding shell injection risks.
Audit Metadata