document-skills/docx
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands to validate document integrity and analyze tracked changes.
- Evidence:
ooxml/scripts/pack.pycallssoffice(LibreOffice) to verify that generated files are not corrupt. - Evidence:
ooxml/scripts/validation/redlining.pyusesgit diffto compare text content and verify that all changes made by the agent are properly tracked as revisions. - [PROMPT_INJECTION]: The skill processes untrusted document data (.docx) and possesses capabilities to write files and execute system utilities, which presents a surface for indirect prompt injection.
- Ingestion points:
scripts/document.pyreads and parsesword/document.xmlfrom user-provided files. - Boundary markers: Instructions in
SKILL.mdrequire reading documentation entirely to define strict operational boundaries. - Capability inventory:
scripts/document.py(file system writes),ooxml/scripts/pack.py(subprocess execution). - Sanitization: The skill correctly uses the
defusedxmllibrary to parse XML content, which mitigates XML External Entity (XXE) and other common XML-based vulnerabilities. - [EXTERNAL_DOWNLOADS]: The skill provides instructions for the user to install standard industry-standard dependencies.
- Evidence:
SKILL.mdcontains a 'Dependencies' section directing users to installpandoc,libreoffice, anddocx(npm) from official package managers and system repositories.
Audit Metadata