Skills
skills/taylorarndt/a11y-agent-team/office-remediation/Gen Agent Trust Hub

office-remediation

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides patterns for PowerShell COM automation (e.g., New-Object -ComObject Word.Application) and shell commands (sed, zip, unzip) to programmatically modify Office documents. These are standard techniques for the skill's stated purpose.
  • [INDIRECT_PROMPT_INJECTION]: The skill provides patterns for processing external Office documents (Word, Excel, PowerPoint). Ingesting untrusted document content poses a potential surface for indirect prompt injection if the agent interprets document text or metadata as instructions.
  • Ingestion points: File loading calls in SKILL.md via python-docx, openpyxl, and python-pptx libraries.
  • Boundary markers: Absent; the provided code snippets do not include delimiters or warnings to ignore instructions inside the documents.
  • Capability inventory: The skill documents file system writes (.save()), PowerShell COM automation, and direct XML manipulation via sed across Word, Excel, and PowerPoint files.
  • Sanitization: Absent; the patterns focus on functionality and do not demonstrate input validation or sanitization of document content.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 11:44 PM