python-docx
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: CRITICAL
EXTERNAL_DOWNLOADS
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The documentation recommends installing standard, well-maintained libraries (python-docx, Pillow) from the official Python Package Index (PyPI). No suspicious or unversioned external scripts are involved.
- DATA_EXFILTRATION (SAFE): The skill demonstrates local file creation ('output.docx'). There are no commands that transmit data to external servers or access sensitive system directories.
- FALSE POSITIVE DETECTION (SAFE): The automated scanner flagged 'font.name' and 'run.font.name' as malicious URLs; these are false positives. In the context of Word document automation, they are standard object attributes used to set font properties in Python code, not network domains.
Recommendations
- Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata