skills/zephyrwang6/allskills/docx/Gen Agent Trust Hub

docx

Pass

Audited by Gen Agent Trust Hub on May 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill consistently uses the defusedxml library for parsing OOXML XML files in its core manipulation and utility scripts, including scripts/document.py and ooxml/scripts/unpack.py, which protects against XML External Entity (XXE) injection attacks.
  • [COMMAND_EXECUTION]: The skill executes external command-line tools such as pandoc, soffice (LibreOffice), and git via subprocess.run. These calls are used for legitimate document conversion, structural validation, and redlining comparison. The calls use command arrays rather than shell strings and avoid the use of shell=True, effectively minimizing command injection risks.
  • [SAFE]: Document processing operations are conducted within managed temporary directories via the tempfile module. This isolation ensures that intermediate processing artifacts do not pollute the user's primary workspace and provides a layer of filesystem security during document manipulation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 24, 2026, 12:07 PM