docx
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes `subprocess.run` within `pack.py` and `redlining.py` to call `soffice` (LibreOffice) and `git`. These tools are used for the primary functional purpose of document conversion and validation. The execution uses list-based arguments with shell processing disabled, which prevents command injection.
- [EXTERNAL_DOWNLOADS]: The documentation references standard external dependencies required for document processing, including `pandoc`, `libreoffice`, `poppler-utils`, and the `docx` NPM package. These are well-known tools from trusted sources.
- [PROMPT_INJECTION]: Forceful instructional language such as "MANDATORY - READ ENTIRE FILE" is used in `SKILL.md` to guide the AI agent's processing of library documentation. These are benign instructions intended to prevent truncation of context during API learning.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests untrusted `.docx` files. While it lacks explicit natural language boundary markers for extracted text, it employs high-quality technical sanitization by using the `defusedxml` library for all XML parsing, effectively preventing XXE and other XML-based exploits.