docx

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes external tools (soffice, git, pandoc, pdftoppm) for document processing. Subprocess calls in ooxml/scripts/pack.py and ooxml/scripts/validation/redlining.py use list-based arguments instead of shell strings to avoid command injection vulnerabilities. These operations are essential for the skill's primary function of document conversion and validation.
  • [SAFE]: The skill implements adequate mitigations for processing untrusted data.
    • Ingestion point: ooxml/scripts/unpack.py reads and processes Office documents.
    • Boundary markers: Absent (untrusted XML content is parsed directly into the context).
    • Capability inventory: Subprocess execution of document tools (ooxml/scripts/pack.py, ooxml/scripts/validation/redlining.py) and file-write capabilities (scripts/document.py).
    • Sanitization: Consistent use of defusedxml (scripts/document.py, scripts/utilities.py, ooxml/scripts/pack.py) to prevent XML External Entity (XXE) attacks.
  • [SAFE]: No malicious patterns or data exfiltration detected. The skill operates on local files within the agent's workspace. No hardcoded credentials or unauthorized network requests were found. Metadata fields like author names are properly escaped in scripts/document.py using HTML entities to prevent injection into document metadata.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 12, 2026, 03:00 AM