docx-processor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted data from external Word documents.
- Ingestion points:
scripts/read_docx.pyandscripts/convert_docx.pyread text, tables, and styles from user-provided.docxfiles. - Boundary markers: Absent. The extracted content is passed to the agent without delimiters or warnings to ignore instructions embedded within the document.
- Capability inventory: The skill possesses file-read capabilities (any path provided by the user) and file-write capabilities (writing converted results to
/tmp/openskills-converted/). - Sanitization: Absent. The Python scripts extract raw text from XML structures and return it directly to the agent's context.
- COMMAND_EXECUTION (SAFE): While the scripts perform file system operations (read/write), they are restricted to the intended purpose of document processing. The use of
pathlib.Path.expanduser()is standard for handling user-provided file paths.
Audit Metadata