docx
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (LOW): In ooxml/scripts/pack.py, the script uses subprocess.run to invoke the soffice binary for document validation. This is an intended part of the skill's primary purpose to ensure generated documents are not corrupt, though it involves executing a system command.
- INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to process external and potentially untrusted Office documents. Mandatory Evidence Chain: 1. Ingestion points: zipfile.ZipFile.extractall in ooxml/scripts/unpack.py and lxml.etree.parse in ooxml/scripts/validation/docx.py. 2. Boundary markers: None identified. 3. Capability inventory: Command execution via soffice and file system writes. 4. Sanitization: The skill uses defusedxml for main XML parsing, but ooxml/scripts/validation/docx.py uses lxml without explicit security hardening against XXE, presenting a minor surface for data exposure if processing malicious XML files.
Audit Metadata