NYC

docx-templates

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill provides an attack surface for Server-Side Template Injection (SSTI) by processing external templates and data sources with the Jinja2 engine.
      ◦ Ingestion points: The skill loads Word templates (DocxTemplate("template.docx")) and external data files (csv.DictReader(f)) as shown in README.md.
      ◦ Boundary markers: Absent. The skill uses standard Jinja2 delimiters ({{ }}) without defining security boundaries for untrusted input.
      ◦ Capability inventory: The template.render() method executes dynamic Jinja2 logic, and template.save() provides file system write capabilities (README.md).
      ◦ Sanitization: Absent. There is no mention of using a Jinja2 SandboxedEnvironment or input validation to prevent malicious code execution via template tags.
  • [Unverifiable Dependencies] (MEDIUM): The README.md recommends pip install docxtpl Pillow. While these are legitimate libraries, they are not from the provided list of trusted sources, and runtime package installation introduces risk from the public package ecosystem.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 03:48 AM