docx
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [Privilege Escalation] (HIGH): The skill explicitly directs the agent to run 'sudo apt-get install' for system dependencies (pandoc, libreoffice, poppler). That gives the agent root on the host; if the agent is hijacked, for example by content in a document it is processing, the same privilege is available to the attacker.
- [Dynamic Execution] (HIGH): The core workflow has the agent write and run Python and JavaScript/TypeScript scripts to manipulate OOXML structures. When a script is generated from the content of an external file, that content can shape what gets executed, which is an arbitrary code execution risk.
- [Command Execution] (MEDIUM): The skill runs external binaries (pandoc, soffice, pdftoppm) through shell commands on user-provided .docx files. If filenames or document content reach a shell unvalidated and unquoted, this is a command injection vector.
- [Prompt Injection] (LOW): The skill uses authoritative 'MANDATORY' language and instructs the agent to ignore standard range limits ('NEVER set any range limits') when reading its documentation, a pattern used to override default agent safety or operational constraints.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted .docx files and passes them through several complex parsers. 'defusedxml' is listed, which covers XML entity attacks, but the multi-tool pipeline (pandoc -> PDF -> images) still exposes native parsers to attacker-controlled input.
Recommendations
- AI detected serious security threats
Audit Metadata