wps-office
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a significant attack surface for indirect prompt injection. It is designed to ingest data from untrusted external sources, specifically Word documents, Excel spreadsheets, and PowerPoint presentations, using tools such as
wps_word_get_document_textandwps_excel_read_range. There are no boundary markers or explicit instructions provided to the agent to ignore or sanitize embedded instructions within the processed data, which could allow a malicious document to hijack the agent's behavior. - [COMMAND_EXECUTION]: The skill integrates a large library of 227 MCP tools that allow for extensive manipulation of the local file system within the WPS Office environment. This includes creating, opening, saving, and converting files (e.g.,
wps_common_save_as,wps_convert_format), as well as executing batch operations on multiple documents. - [DATA_EXFILTRATION]: The skill has the capability to read sensitive information from local documents (Excel cells, Word text, PPT slide info). While no direct network exfiltration commands (like curl or wget) are present in the skill definition, the read access to user documents combined with the agent's inherent ability to send information to its model backend creates a risk of data exposure.
Audit Metadata