skills/lc2panda/wps-skills/wps-office/Gen Agent Trust Hub

wps-office

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a significant attack surface for indirect prompt injection. It is designed to ingest data from untrusted external sources, specifically Word documents, Excel spreadsheets, and PowerPoint presentations, using tools such as wps_word_get_document_text and wps_excel_read_range. There are no boundary markers or explicit instructions provided to the agent to ignore or sanitize embedded instructions within the processed data, which could allow a malicious document to hijack the agent's behavior.
  • [COMMAND_EXECUTION]: The skill integrates a large library of 227 MCP tools that allow for extensive manipulation of the local file system within the WPS Office environment. This includes creating, opening, saving, and converting files (e.g., wps_common_save_as, wps_convert_format), as well as executing batch operations on multiple documents.
  • [DATA_EXFILTRATION]: The skill has the capability to read sensitive information from local documents (Excel cells, Word text, PPT slide info). While no direct network exfiltration commands (like curl or wget) are present in the skill definition, the read access to user documents combined with the agent's inherent ability to send information to its model backend creates a risk of data exposure.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 01:48 AM
Security Audit — agent-trust-hub — wps-office