docx

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8). The skill ingests untrusted data from external .docx files and has file-write (doc.save) and shell-execution (pandoc) capabilities. Malicious instructions embedded in a processed document could hijack the agent's flow.
  • Ingestion points: Reading docx files via python-docx or pandoc, as shown in SKILL.md.
  • Boundary markers: Absent. No delimiters or instructions are provided to the agent to ignore embedded content.
  • Capability inventory: File writing (doc.save), subprocess execution (pandoc, LibreOffice).
  • Sanitization: Absent. No evidence of content filtering or validation before processing or saving.
  • [COMMAND_EXECUTION] (MEDIUM): The skill uses shell commands for format conversion (e.g., pandoc document.docx). If filenames are user-provided and not properly sanitized before being passed to the shell, this presents a risk of command injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 11:11 AM