document-skills
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill extensively uses subprocess calls to execute external tools such as LibreOffice (soffice), Pandoc, qpdf, and poppler-utils for document conversion and analysis.
- [COMMAND_EXECUTION]: The xlsx/recalc.py script dynamically generates StarBasic code for a LibreOffice macro and writes it to the user's application configuration directory (e.g., ~/.config/libreoffice/) to facilitate automatic formula calculation.
- [EXTERNAL_DOWNLOADS]: The skill documentation provides instructions for installing numerous third-party libraries and system-level packages via npm, pip, and apt-get, including playwright, sharp, and pandoc.
- [PROMPT_INJECTION]: Several markdown files (docx/SKILL.md, pptx/SKILL.md) contain high-priority instructions intended to override agent default behaviors, such as 'MANDATORY
- READ ENTIRE FILE' and 'NEVER set any range limits', which are techniques used to ensure full context processing.
- [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: The skill processes untrusted user documents (.docx, .pdf, .pptx, .xlsx) through various text extraction and parsing tools.
- Boundary markers: There are no explicit markers or safety instructions to prevent the agent from following commands embedded within the processed document text.
- Capability inventory: The skill possesses file system access (unpacking OOXML), command execution (subprocess calls), and potential network access via installed packages.
- Sanitization: The skill recommends using 'defusedxml' for XML parsing to mitigate XML External Entity (XXE) and other XML-related attacks.
Audit Metadata