skills/ming-kang/skills/docx/Gen Agent Trust Hub

docx

Fail

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's workflow involves compiling and running C# code that is dynamically generated or modified by the AI agent in assets/templates/Program.cs. This allows the agent to execute arbitrary code on the local machine.
  • [REMOTE_CODE_EXECUTION]: The skill includes a prebuilt native ELF binary (validator/Validator) and a .NET library (validator/Validator.dll) that are executed during the document validation process. These files are opaque and their behavior cannot be verified through static analysis.
  • [COMMAND_EXECUTION]: The scripts/docx bash script performs various system operations, including managing local directories, modifying file permissions (chmod +x), and invoking the .NET CLI and Python interpreter.
  • [EXTERNAL_DOWNLOADS]: The skill downloads the .NET SDK installation script from https://dot.net/v1/dotnet-install.sh using curl.
  • [PROMPT_INJECTION]: The skill processes untrusted Word documents.
    1. Ingestion points: scripts/docx_lib/editing/xml_tolerance.py parses XML from unzipped .docx files.
    2. Boundary markers: Absent for document content.
    3. Capability inventory: scripts/docx invokes dotnet build, dotnet run, and python via subprocess calls.
    4. Sanitization: revisions.py uses xml_escape for inserted text, but the agent processes and interprets existing document content, which may contain malicious instructions.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 4, 2026, 01:52 AM