docx-to-markdown

Fail

Audited by Snyk on May 18, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.80). The prompt includes explicit meta-instructions unrelated to DOCX→Markdown conversion—e.g., mandatory task-tracking, a "strict execution contract", and automatic subagent (spawn_agent) authorization—that attempt to change agent behavior and grant permissions outside the skill's stated purpose, which constitutes a prompt-injection risk.

Issues (1)

E004
CRITICAL

Prompt injection detected in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
May 18, 2026, 12:26 PM
Issues
1
Security Audit — snyk — docx-to-markdown