wps-word-automation
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill extracts text from Word and WPS documents, creating an ingestion point for indirect prompt injection attacks. Ingestion points: Text is extracted via COM objects in the cmd_read and cmd_headings functions within wps_word_automation.py. Boundary markers: The extracted content is returned without any delimiters or markers to distinguish it from system instructions. Capability inventory: The skill allows reading, modifying, merging, and exporting documents, as well as inserting images. Sanitization: No filtering or sanitization is performed on the text content retrieved from external files.
- [COMMAND_EXECUTION]: The skill executes a local Python script that uses the Windows COM interface to control office applications, which is a powerful capability for local document manipulation.
Audit Metadata