docx
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill demonstrates a strong security posture for document processing.
- [SAFE]: Employs
defusedxmlconsistently across all Python scripts for XML parsing and manipulation. This is a critical security measure that mitigates XML External Entity (XXE) vulnerabilities and XML bomb attacks commonly associated with Office Open XML (OOXML) processing. - [SAFE]: Includes an extensive validation framework in
ooxml/scripts/validation/. This system uses official ISO-IEC 29500-4 XSD schemas and custom redlining validators to ensure document integrity and structural compliance before and after manipulation. - [COMMAND_EXECUTION]: Uses
subprocess.runto call system utilities such assoffice(LibreOffice),git, andpandoc. These calls are implemented securely using list-based arguments without shell invocation (shell=Falsedefault) and are limited to specific validation, conversion, and comparison tasks essential to the skill's primary purpose. - [SAFE]: No evidence of credential exposure, data exfiltration, or obfuscation was found. All file operations are localized to the provided directory and temporary system paths.
- [SAFE]: Indirect prompt injection surfaces are managed by extracting text through
pandocand using structured DOM manipulation for edits, which reduces the likelihood of unintended instruction execution compared to raw text processing.
Audit Metadata