openai-doc
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Privilege Escalation (HIGH): The skill instructions include the use of sudo apt-get install to set up system dependencies. Executing commands with root privileges is a high-risk pattern for automated agents.
- Unverifiable Dependencies (MEDIUM): The skill installs python-docx and pdf2image from external repositories that are not on the trusted sources list, introducing supply chain risk.
- Indirect Prompt Injection (LOW): The skill processes untrusted .docx files, creating a surface for indirect prompt injection. Evidence: (1) Ingestion point: input_path in scripts/render_docx.py and workflow steps in SKILL.md. (2) Boundary markers: Absent; no delimiters are used to isolate document content. (3) Capability inventory: The skill can execute system binaries via subprocess.run and write to the file system. (4) Sanitization: Absent; content is parsed directly without filtering.
- Dynamic Execution (LOW): The script executes system binaries (soffice and pdftoppm) via subprocess.run, which is standard but increases the overall attack surface.