Skills
skills/lawve-ai/awesome-legal-skills/docx-processing-openai/Gen Agent Trust Hub

docx-processing-openai

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/render_docx.py script invokes soffice (LibreOffice) via subprocess.run to handle document conversions. The implementation uses secure argument lists to avoid shell injection.
  • [EXTERNAL_DOWNLOADS]: The skill documentation advises installing reputable Python packages like python-docx and pdf2image, as well as system tools like libreoffice and poppler-utils. These are standard for document workflows.
  • [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface when processing external documents.
  • Ingestion points: DOCX files are ingested and parsed in scripts/render_docx.py.
  • Boundary markers: Not present.
  • Capability inventory: Subprocess execution and file system writes.
  • Sanitization: Not present.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 04:13 AM
Security Audit — agent-trust-hub — docx-processing-openai