read-word
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill operates locally on the user's file system, reading document content only when explicitly requested. It does not perform any network requests or data exfiltration.
- [SAFE]: The dependencies `python-docx` and `olefile` are well-known, established libraries for their respective formats and are used according to standard practices.
- [INDIRECT_PROMPT_INJECTION]: The skill processes content from external files, which presents a surface for indirect prompt injection.
- Ingestion points: Text content is ingested from user-provided `.docx` and `.doc` files via the `read_word_document` function in `read_word.py`.
- Boundary markers: No delimiters or safety instructions are used to separate the document content from the agent's internal instructions.
- Capability inventory: The skill has file system access for reading documents and writing text output but lacks network or arbitrary command execution capabilities.
- Sanitization: Content is extracted and passed to the agent as raw text strings without filtering or escaping techniques.
Audit Metadata