docx
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes content from Word documents, which can act as a vector for indirect prompt injection.
  - Ingestion points: XML content from Word files is read and parsed in the Document class (scripts/document.py).
  - Boundary markers: No explicit delimiters are used to separate ingested document text from the AI's internal instructions.
  - Capability inventory: The skill has the ability to execute system commands via subprocess and perform disk operations.
  - Sanitization: The skill employs defusedxml for secure XML parsing and uses html.escape for metadata such as author names.
- [COMMAND_EXECUTION]: The skill executes external binaries and runtimes.
  - Evidence: It uses subprocess.run to call utilities such as LibreOffice (soffice) and git. It correctly passes arguments as lists, avoiding shell injection vulnerabilities. It also facilitates the execution of AI-generated JavaScript for document creation using the docx library.
- [EXTERNAL_DOWNLOADS]: The skill documentation requires the installation of external dependencies.
  - Evidence: Documentation in SKILL.md and docx-js.md references the installation of the docx package from the npm registry and system-level tools like pandoc and LibreOffice.