skills/ypyt1/all-skills/docx/Gen Agent Trust Hub

docx

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE · COMMAND_EXECUTION · EXTERNAL_DOWNLOADS · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of external CLI tools and agent-generated scripts for document manipulation.
      • Evidence: The library uses subprocess.run to invoke soffice for document validation and git for generating word-level diffs in the redlining workflow. The skill's primary operation involves the agent writing and executing custom Python or Node.js scripts to interface with document structures.
  • [EXTERNAL_DOWNLOADS]: The documentation identifies several external software dependencies required for full document processing capabilities.
      • Evidence: SKILL.md lists pandoc, libreoffice, poppler-utils, the docx NPM package, and the defusedxml Python library as necessary components.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes untrusted external files.
      • Ingestion points: Document content is ingested through pandoc conversion to markdown and direct reading of word/document.xml.
      • Boundary markers: No specific delimiters or safety instructions are provided to isolate document content from the agent's instructional context.
      • Capability inventory: The skill has file system access, shell execution capabilities, and the ability to run agent-generated code.
      • Sanitization: Employs defusedxml for secure XML parsing and applies HTML escaping to author metadata.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 01:38 AM