Docx

Warn

Audited by Snyk on Jun 30, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). The required runtime workflow for this skill involves unpacking a user-provided .docx (ZIP) and then parsing its XML into readable text/DOM (e.g., unpack.py extracts word/document.xml and utilities.py/document.py parse it with defusedxml.minidom.parse), so if the .docx is authored by an outsider, their free-form document text/comments are ingested into the agent’s LLM context via extracted/converted content (e.g., pandoc output or XML text traversal).

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill explicitly instructs using sudo apt-get install for system packages (pandoc, LibreOffice), which encourages obtaining elevated privileges even though most workflows are user-space file edits, so it poses a moderate risk of changing machine state.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 30, 2026, 03:34 PM
Issues
2
Security Audit — snyk — Docx