ai-docx

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data, which presents an indirect prompt injection attack surface as defined in Category 8.
  • Ingestion points: Untrusted data enters the context via the materialText, materialFile, and materialUrl parameters in references/form-schema.json.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands were found in the skill instructions.
  • Capability inventory: The skill performs network requests via the urllib.request module in scripts/run.py to send data to the backend API.
  • Sanitization: No sanitization or escaping of the user-provided document content is performed in the local runner script before transmission.
  • [COMMAND_EXECUTION]: The skill includes an executable Python script scripts/run.py intended for users to run locally to facilitate interaction with the AI Skills API.
  • [EXTERNAL_DOWNLOADS]: The runner script initiates network connections to the vendor's domain ai-skills.ai. Per the author context guidelines, this domain is recognized as the official endpoint for the skill's operations.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — ai-docx