Docx
Warn
Audited by Snyk on Jun 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). The required runtime workflow for this skill involves unpacking a user-provided .docx (ZIP) and then parsing its XML into readable text/DOM (e.g.,
unpack.pyextractsword/document.xmlandutilities.py/document.pyparse it withdefusedxml.minidom.parse), so if the .docx is authored by an outsider, their free-form document text/comments are ingested into the agent’s LLM context via extracted/converted content (e.g., pandoc output or XML text traversal).
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill explicitly instructs using sudo apt-get install for system packages (pandoc, LibreOffice), which encourages obtaining elevated privileges even though most workflows are user-space file edits, so it poses a moderate risk of changing machine state.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata