hwpx
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill relies exclusively on Python standard libraries (xml.etree, zipfile, os) for document processing, avoiding external dependencies or unverifiable remote code.- [SAFE]: No network operations, data exfiltration patterns, or hardcoded credentials were identified in any of the scripts or templates.- [SAFE]: The skill instructions and code are consistent with its stated purpose of HWPX document manipulation, with clear documentation and proper resource management.- [SAFE]: Analyzed for indirect prompt injection surface as the skill processes external HWPX file content. The surface is inherent to file reading and no malicious exploitation or adversarial intent was found. * Ingestion points: scripts/hwpx_reader.py parses XML content from HWPX archives. * Boundary markers: No explicit markers in the script, as the output is intended for the agent's general context. * Capability inventory: File writing and directory management (os.makedirs, zipfile.ZipFile.write). * Sanitization: Employs standard XML parsing for data extraction.
Audit Metadata