microsoft-word
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install well-known and trusted Python packages
python-docxanddocxtplfor document processing. - [COMMAND_EXECUTION]: The skill performs expected file system operations such as reading and writing .docx and .csv files. It also utilizes the Microsoft Graph API for cloud-based document management, which is consistent with its stated purpose.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified, as the skill processes content from external files.
- Ingestion points: Processes data from
report.docx,template.docx, andclients.csvfiles. - Boundary markers: No specific delimiters or instructions to ignore embedded instructions are implemented in the provided scripts.
- Capability inventory: The skill possesses the capability to write to the local file system and upload data to OneDrive/SharePoint via the Microsoft Graph API.
- Sanitization: There is no evidence of content sanitization or validation for the data read from external sources before it is processed or rendered into documents.
Audit Metadata