document-skills/docx

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands to validate document integrity and analyze tracked changes.
  • Evidence: ooxml/scripts/pack.py calls soffice (LibreOffice) to verify that generated files are not corrupt.
  • Evidence: ooxml/scripts/validation/redlining.py uses git diff to compare text content and verify that all changes made by the agent are properly tracked as revisions.
  • [PROMPT_INJECTION]: The skill processes untrusted document data (.docx) and possesses capabilities to write files and execute system utilities, which presents a surface for indirect prompt injection.
  • Ingestion points: scripts/document.py reads and parses word/document.xml from user-provided files.
  • Boundary markers: Instructions in SKILL.md require reading documentation entirely to define strict operational boundaries.
  • Capability inventory: scripts/document.py (file system writes), ooxml/scripts/pack.py (subprocess execution).
  • Sanitization: The skill correctly uses the defusedxml library to parse XML content, which mitigates XML External Entity (XXE) and other common XML-based vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for the user to install standard industry-standard dependencies.
  • Evidence: SKILL.md contains a 'Dependencies' section directing users to install pandoc, libreoffice, and docx (npm) from official package managers and system repositories.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 04:40 AM
Security Audit — agent-trust-hub — document-skills/docx