skills/lifangda/claude-plugins/docx/Gen Agent Trust Hub

docx

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it reads and processes data from external document files.
      • Ingestion points: Untrusted data enters the context when the agent reads XML files extracted from user-provided .docx files via ooxml/scripts/unpack.py and scripts/utilities.py.
      • Boundary markers: Absent; the instructions do not specify the use of delimiters to separate external content from internal instructions.
      • Capability inventory: The skill can perform file system writes and execute shell commands (soffice, git) as seen in ooxml/scripts/pack.py and ooxml/scripts/validation/redlining.py.
      • Sanitization: The skill mitigates XML-based attacks (e.g., XXE) by using the defusedxml library in scripts/document.py and scripts/utilities.py.
  • [COMMAND_EXECUTION]: The skill executes soffice (LibreOffice) and git via subprocess.run. These commands are used for document format conversion, validation, and diffing, which are essential to the skill's primary document management functions.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of external tools and libraries including pandoc, libreoffice, poppler-utils, docx (npm), and defusedxml (pip). These are all well-known and widely used utilities from established sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 04:01 AM