docx-design-agent
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill possesses an indirect prompt injection surface because it reads content from external Word documents to guide its automation. Evidence Chain:
  1. Ingestion points: The 'Edit Existing (Live IPC)' workflow reads content from open documents using AppleScript.
  2. Boundary markers: No delimiters or instructions to ignore embedded commands are specified in the provided documentation.
  3. Capability inventory: The skill utilizes python-docx for file operations and osascript for AppleScript IPC, which can interact with the system and other applications.
  4. Sanitization: No sanitization of ingested document content is documented.
- COMMAND_EXECUTION (LOW): The skill relies on osascript (AppleScript) for 'live editing' and 'finalization'. Although intended for Word automation, AppleScript is capable of executing arbitrary shell commands and controlling system behavior, representing a high-privilege execution environment that could be abused if the agent interprets malicious content from a document as instructions.
Audit Metadata