docx
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the 'defusedxml' library for all XML parsing operations in scripts/document.py, scripts/utilities.py, and ooxml/scripts/pack.py, effectively mitigating XML External Entity (XXE) and billion laughs attacks.
- [SAFE]: External command executions in ooxml/scripts/pack.py and ooxml/scripts/validation/redlining.py are performed using the subprocess module with argument lists and no shell environment, preventing shell injection vulnerabilities.
- [SAFE]: The skill includes a local repository of official ISO and Microsoft OOXML schemas (XSD files) used for offline validation, ensuring that generated documents are compliant and safe to open in office applications.
- [SAFE]: File system operations are restricted to the provided document directories and temporary workspaces created for editing and validation.
Audit Metadata