lovstudio-any2docx
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute a Python script (
lovstudio-any2docx/scripts/md2docx.py) with various arguments to process files and generate output. - [EXTERNAL_DOWNLOADS]: The
md2docx.pyscript automatically downloads remote image assets usingurllib.request.urlretrievewhen Markdown image syntax () contains an HTTP/HTTPS URL. This behavior is intended for embedding images but allows network access to arbitrary domains. - [EXTERNAL_DOWNLOADS]: The skill instructions and documentation specify the installation of an external dependency,
python-docx, from a package registry. - [DATA_EXFILTRATION]: The automated fetching of remote images creates a network communication channel. While primarily used for resource fetching, it provides a mechanism for network probes or SSRF if an attacker provides a Markdown file with malicious URLs.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted Markdown content without sanitization or strict boundary markers.
- Ingestion points: The
--inputargument inmd2docx.pyspecifies the path to the Markdown file being processed. - Boundary markers: None. The script directly parses the content of the provided file.
- Capability inventory: The script has the ability to write files to the local system (
doc.save) and perform network read operations (urllib.request.urlretrieve). - Sanitization: The script performs no validation or sanitization of image URLs or other Markdown content before processing them.
Audit Metadata