docx
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes internal Python scripts that execute specific system utilities to perform necessary document validation and comparison. In
ooxml/scripts/pack.py, thesofficecommand from LibreOffice is called to validate the document integrity during the packing process. Inooxml/scripts/validation/redlining.py, thegitutility is used to generate word-level diffs, enabling the validation of tracked changes.\n- [PROMPT_INJECTION]: The skill processes and extracts text content from user-provided documents, which introduces a surface for indirect prompt injection attacks if the documents contain instructions intended to manipulate the AI agent. \n - Ingestion points: Document content enters the agent context through
pandoctext extraction and direct XML reading ofword/document.xml.\n - Boundary markers: The skill does not implement specific delimiters or 'ignore' instructions when presenting extracted document content to the agent.\n
- Capability inventory: The skill possesses file-system write access via
doc.save()and command execution capabilities through the provided validator scripts.\n - Sanitization: The skill author has explicitly used the
defusedxmllibrary for parsing XML content, which mitigates XML External Entity (XXE) and other XML-based attacks.\n- [EXTERNAL_DOWNLOADS]: The skill relies on several well-known system dependencies and libraries for its document processing workflows, includingpandoc,LibreOffice,Poppler, and thedocxNPM package. These are widely recognized and standard tools for these operations.
Audit Metadata