Alpha Preview: Fidensa is currently in early testing. Scores are for demonstration purposes and are not considered final or reliable.

Fidensa
Skill Certified

docx-skill

Creates, edits, and manipulates Microsoft Word documents (.docx) with support for formatting, tables, images, and professional document features.

86

/ 100 · Grade B

B = 80–89

I need to create, edit, or format professional Word documents with advanced features like tables, images, headers, and structured layouts.

document processingoffice productivitycontent creationfile manipulation
Publisher: anthropicsVersion: latestCertified: Mar 28, 2026Expires: Mar 28, 2027Source ↗

docx-skill earned Certified status with a trust score of 86/100 (Grade B). No adversarial findings — all attack patterns were handled gracefully. Security scan flagged 7 findings.

Trust Score Breakdown

Eight weighted signals composing the aggregate trust score

security scan
58% × 15w
8.7
supply chain
100% × 10w
10.0
adversarial
100% × 25w
25.0
provenance
80% × 20w
16.0
consumer confirm
100% × 10w
10.0
behavioral pass
100% × 10w
10.0
contract accuracy
67% × 6w
4.0
uptime
100% × 4w
4.0

Scheme v2.0 · Weights provisional · Consumer confirmations and uptime use pipeline-derived baselines.

Findings

Security scan results, adversarial testing, and pipeline review

Security Scan — Cisco Skill Scanner

cisco-skill-scannerFAIL
staticbehavioralllmmeta
critical: 0high: 1medium: 4low: 2

Finding details

highcommand injectionllm

The accept_changes.py script creates and executes a LibreOffice macro that uses Basic script execution. The macro is dynamically generated and executed through LibreOffice's macro system, which could potentially be exploited for command injection if user input influences the macro content or file paths.

mediumdata exfiltrationllm

The skill creates temporary files and directories in predictable locations (/tmp/libreoffice_docx_profile, /tmp/lo_socket_shim.so) which could be exploited for symlink attacks or information disclosure if an attacker can predict these paths.

mediumcommand injectionstatic

Detects dangerous code execution patterns with untrusted input in agent skills: subprocess.run( [ "soffice", "--headless",

mediumcommand injectionllm

Multiple scripts execute shell commands with user-controlled file paths without proper sanitization. The soffice.py script uses subprocess.run with file paths that could contain shell metacharacters, and other scripts pass user-provided paths to system commands.

mediumobfuscationllm

The soffice.py script dynamically generates C code and compiles it at runtime to create a shared library shim. This pattern could be exploited if an attacker can influence the generated code or compilation process.

lowdata exfiltrationllm

The skill manifest does not specify the allowed-tools field, which means there are no declared restrictions on which agent tools can be used. While this field is optional, its absence means the skill can use any available agent tools without explicit permission.

lowprompt injectionllm

The skill instructions reference a file 'a.py' that does not exist in the skill package. While this appears to be a documentation error rather than a security threat, it could indicate incomplete skill packaging or potential confusion about file dependencies.

Adversarial Testing — 3 categories, 0 findings

prompt injection chainscapability squattingcontext poisoning

No adversarial findings — all attack patterns handled gracefully.

Methodology v1.0 · 3 categories · ~55 attack patterns

Pipeline Review — 1 finding

highsecurity

cisco_skill_scanner: high finding — command_injection

Behavioral Fingerprint

Runtime performance baseline for drift detection

Samples

8

Error rate

0.0%

Peak memory

— MB

Avg CPU

—%

Response time distribution

p50: 20824msp95: 24665msp99: 24665ms

Output size distribution

p50: 6.8 KBp95: 9.4 KBmean: 5.8 KB

Fingerprint v1.0 · Baseline: Mar 28, 2026 · Status: baseline

Interface

Skill triggers and instruction summary

Activation

Activates when user wants to create, read, edit, or manipulate Word documents (.docx files), including mentions of 'Word doc', '.docx', or requests for professional documents with formatting.

Handles all .docx file operations including creation, editing, content extraction, formatting, and conversion, but excludes PDFs, spreadsheets, Google Docs, or general coding tasks.

Instructions: 483Files: 2Format: markdown

Does

Create new .docx documents using docx-js with proper formatting

Extract content from existing .docx files using pandoc or XML unpacking

Edit existing documents by unpacking XML, modifying content, and repacking

Convert legacy .doc files to .docx format using LibreOffice

Accept tracked changes in documents

Convert documents to images via PDF intermediate format

Validate generated documents for XML compliance

Use smart quotes and proper typography in new content

Set explicit page sizes (defaults to US Letter, not A4)

Create tables with dual width specifications for cross-platform compatibility

Does not

Handle PDF files, spreadsheets, or Google Docs

Perform general coding tasks unrelated to document generation

Use unicode bullet characters in lists (uses proper numbering config)

Use percentage-based table widths (incompatible with Google Docs)

Create standalone PageBreak elements (must be within Paragraph)

Use tables as dividers or rules in headers/footers

Scope & Permissions

What this capability can and cannot access — derived from pipeline analysis

creates files

yes

deletes files

no

modifies files

yes

accesses env variables

no

invokes external tools

yes

makes network requests

no

Known Failure Modes

Documented edge cases and recovery behaviors

when when docx-js creates invalid XML

then the agent validates and manually fixes XML structure

when when editing existing documents

then the agent follows the 3-step process: unpack, edit XML, repack

when when tables render incorrectly

then the agent ensures both table columnWidths and individual cell widths are set in DXA units

Badge & Integration

Embed certification status in your README, docs, or CI pipeline

Fidensa Certified badge for docx-skill
badge SVG →attestation API →integration guide →

Certification Notes

Provenance observations from the pipeline

publisher

Publisher "anthropics" is not verified — first certification from this publisher

provenance

No SECURITY.md or SECURITY.txt file found — no published vulnerability reporting process

provenance

Single contributor — no peer review evidence in commit history

provenance

Repository is 3 days old — recently created

provenance

Package description appears to be boilerplate or template text

Signed Artifact

Certification provenance and verification metadata

Content hash
sha256:500ffd2537e51fe7e0a42b6cbf986e35abf495cf5f451f281df781084071f95d
Key ID
kms-9db4ed3b9f53
Certified
Mar 28, 2026
Expires
Mar 28, 2027
Pipeline version
1.0
Status
valid
Annotated Filedownload →

The original instruction file with a certification footer appended. Replace the source file in your project so AI agents see the trust score, verification link, and SOP.

.cert.jsondownload →

ES256-signed JWS artifact for programmatic verification. Use with the Fidensa MCP server or GitHub Action to validate integrity.

Pipeline Artifacts

Raw data files from this certification run — downloadable for independent verification

contract.json

Full unsigned contract

stage1-ingest.json

Ingest stage output

stage2a-sbom.json

SBOM generation results

stage2a-vulns.json

Vulnerability scan results

stage2b-security.json

Security scan results

stage3a-functional.json

Functional test results

stage3b-adversarial.json

Adversarial test results

stage3c-fingerprint.json

Behavioral fingerprint

stage4-certify.json

Certification decision + trust score

stage3a-measurements.json

Raw functional test measurements

stage3b-measurements.json

Raw adversarial test measurements

run-log.json

Pipeline execution log

Not all files may be present for every certification.