docx

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill’s runtime workflow for editing existing DOCX files unpacks the user-provided DOCX into XML and then the agent may operate on that XML (e.g., via scripts/office/unpack.py → unpacked/word/document.xml), so any text already present in an outsider-authored DOCX becomes readable LLM context through the unpacked XML.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

• Hidden Unicode characters detected (1 type(s) found)