anthropic-docx
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local system utilities for document processing and validation.
ooxml/scripts/pack.pyexecutessoffice(LibreOffice) in headless mode to validate generated documents by attempting an HTML conversion.ooxml/scripts/validation/redlining.pyexecutesgit diffto perform character-level comparison between original and modified documents to ensure edits are correctly tracked.- [EXTERNAL_DOWNLOADS]: Documentation guides the user to install standard third-party dependencies from official package registries and system repositories.
- Identifies requirements for
pandoc,LibreOffice,poppler-utils, and thedocxNode.js package. - [SAFE]: The skill follows security best practices for document manipulation and data handling.
- Consistent use of
defusedxmlacrossunpack.py,document.py, andutilities.pyprotects against XML-based attacks during the ingestion of Word documents. - The implementation uses standard library functions and focuses on local file system operations without network activity, minimizing the risk of data exfiltration.
- Proper XML escaping is implemented for author metadata and comment text in
scripts/document.py.
Audit Metadata