brand-docx

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions suggest installing or repairing missing Python dependencies (such as openpyxl, lxml, Pillow, and PyMuPDF) if the internal 'doctor' utility identifies them as missing. These are standard packages fetched from well-known registries.
  • [COMMAND_EXECUTION]: The skill relies on executing a local Python launcher (scripts/cli.py) and standard system utilities such as soffice (LibreOffice), pdftoppm, and tesseract (OCR) to perform document conversion, rendering, and visual audits.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from Word templates and user-provided content. However, this is mitigated by a fail-closed architecture: 1. Ingestion points: .docx templates and user input JSON. 2. Boundary markers: Content is isolated within a structured IntermediateDocument format. 3. Capability inventory: File system access and execution of local scripts/utilities. 4. Sanitization: The internal engine deterministically validates all model-generated instructions against an extracted fact bundle and enforces strict structural rules that prevent the injection of raw formatting values.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 01:23 AM
Security Audit — agent-trust-hub — brand-docx