docx

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses system commands to validate documents and perform comparisons. Evidence includes ooxml/scripts/pack.py calling soffice for conversion-based validation and ooxml/scripts/validation/redlining.py executing git diff to compare text content between original and modified XML files.
  • [EXTERNAL_DOWNLOADS]: Documentation instructs on the installation of external tools. SKILL.md lists commands to install pandoc, docx (npm), libreoffice, and poppler-utils.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes content from user-provided documents. Ingestion points include ooxml/scripts/unpack.py and scripts/document.py, which read and manipulate untrusted XML data. Boundary markers are absent in the logic for separating document content from agent instructions. Capability inventory includes executing system commands and file system operations. While defusedxml mitigates structural XML attacks, no natural language sanitization is implemented for the document content.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 20, 2026, 07:59 AM
Security Audit — agent-trust-hub — docx