syncfusion-java-word
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it provides code templates for ingesting and processing external data sources and document formats.
  - Ingestion points: Untrusted data enters the context through mail merge operations using XML and JSON (references/mail-merge.md), HTML-to-Word conversions (references/html-conversions.md), and the loading of external Word, RTF, or Markdown files (references/document-structure.md, references/markdown-conversion.md, references/rtf-conversions.md).
  - Boundary markers: The provided code snippets do not include explicit boundary markers or instructions to treat embedded content as untrusted to prevent the accidental execution of instructions within data.
  - Capability inventory: The generated Java code utilizes file system APIs (java.io.FileInputStream, java.io.FileOutputStream) and provides capabilities for document transformation, macro management, and encryption.
  - Sanitization: The reference snippets do not implement specific input validation or sanitization for the external data being merged or converted.
Audit Metadata