docx-templates

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.95). High-risk: the skill accepts and renders user-supplied DOCX templates (written to disk without sanitization) and performs Jinja2 template rendering, arbitrary file writes/reads, remote URL fetches and database query execution patterns — together these allow server-side template injection (SSTI)/RCE, SSRF/path traversal and potential data exfiltration when deployed as-is.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests untrusted third-party content: it fetches arbitrary image URLs via add_image_from_url / ImageHandler.add_image_from_url (requests.get) and accepts user-uploaded templates and user-provided data through the FastAPI endpoints (/templates/upload and /generate), which are read and rendered as part of the document-generation workflow.