skills/aaaaqwq/agi-super-team/docx/Gen Agent Trust Hub

docx

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The documentation in SKILL.md, docx-js.md, and ooxml.md contains steering instructions (e.g., "MANDATORY READ ENTIRE FILE", "NEVER set any range limits") that attempt to dictate the agent's operational behavior and tool usage parameters to ensure documentation is processed in its entirety.
  • [PROMPT_INJECTION]: The skill processes untrusted user-provided office documents, creating a potential surface for indirect prompt injection attacks where malicious content in a document could influence agent behavior during analysis.
      • Ingestion points: XML content is unpacked and parsed in ooxml/scripts/unpack.py and scripts/document.py.
      • Boundary markers: No specific delimiters or "ignore instructions" warnings are utilized when presenting extracted markdown to the agent.
      • Capability inventory: The skill can execute system commands via subprocess.run (e.g., soffice, git, pandoc) and perform file system operations.
      • Sanitization: Uses the defusedxml library to mitigate XML-based attacks like XXE.
  • [COMMAND_EXECUTION]: Documentation provides setup instructions that include running commands with sudo for installing system dependencies like libreoffice and pandoc.
  • [EXTERNAL_DOWNLOADS]: The skill requires external packages from standard registries, including the docx npm package and various Python libraries.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 06:59 AM