Security Audit

docx

github.com/skillcreatorai/Ai-Agent-Skills

AI SkillCommit 6195a031c29c

TRUSTED

Scanned 9 days ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

docx received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via external tools, Potential Arbitrary File Write via `fs.writeFileSync`.

The analysis covered 4 layers: dependency_graph, manifest_analysis, llm_behavioral_safety, static_code_analysis. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 11, 2026 (commit 6195a031). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

78%

Behavioral Risk Signals

Network Access

1 finding

Filesystem Write

2 findings

Shell Execution

1 finding

Dynamic Code

1 finding

Excessive Permissions

1 finding

Security Findings2

Severity	Finding	Layer	Location
HIGH	Potential Command Injection via external tools The skill instructs the agent to use multiple external shell commands (`pandoc`, `unzip`, `zip`, `soffice`, `pdftoppm`) for document processing. If the arguments to these commands (e.g., filenames, paths) are derived from untrusted user input without proper sanitization, an attacker could inject arbitrary shell commands, perform path traversal, or trigger unintended system actions. This poses a significant command injection risk across various operations like conversion, unpacking, and repacking. Agents must strictly validate and sanitize all user-provided inputs used in shell commands. Avoid direct shell execution with unsanitized input. Consider using a safe, sandboxed environment for executing external tools or using programming language-specific libraries for operations that avoid shell execution (e.g., Python's `zipfile` module instead of `unzip`/`zip`).	Unknown	SKILL.md:16
MEDIUM	Potential Arbitrary File Write via `fs.writeFileSync` The JavaScript example for creating new documents uses `fs.writeFileSync` to save a generated DOCX file. While the snippet shows a fixed filename ('document.docx'), if the agent were to construct this filename from untrusted user input, it could lead to writing files to arbitrary locations on the file system. This could result in overwriting critical system files, creating malicious files, or exfiltrating data by writing to publicly accessible directories. Agents must strictly validate and sanitize any user-provided filenames or paths before using them in file system write operations. Implement robust path validation to ensure files are only written to intended, sandboxed directories.	Unknown	SKILL.md:36

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/a58cd13a25bf412e.svg)](https://skillshield.io/report/a58cd13a25bf412e)