docx

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by design.
  • Ingestion points: The skill instructions guide the agent to use pandoc to convert .docx files to markdown for analysis and provide scripts (ooxml/scripts/unpack.py) to extract raw XML content into the agent's context.
  • Boundary markers: There are no explicit instructions, system delimiters, or 'ignore embedded instructions' warnings provided to the agent when it ingests text content from these external documents.
  • Capability inventory: The skill environment provides broad capabilities including Python script execution via a custom Document library, JavaScript execution via the docx-js library, and shell command execution using subprocess calls to pandoc, soffice, and git.
  • Sanitization: While the skill implementation uses defusedxml to safely parse XML structures, the natural language content extracted from the documents is not sanitized or filtered before being interpolated into the agent's prompt context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 06:40 AM
Security Audit — agent-trust-hub — docx