pptx
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The file `ooxml/scripts/unpack.py` uses `zipfile.ZipFile.extractall()` on user-supplied office documents without validating that the extracted file paths are contained within the target directory. This facilitates a 'Zip Slip' attack, allowing an attacker to overwrite sensitive files (e.g., `.bashrc`, SSH keys) by using path traversal sequences in filenames within the ZIP archive.
- [COMMAND_EXECUTION] (MEDIUM): The file `ooxml/scripts/pack.py` invokes the `soffice` (LibreOffice) binary via `subprocess.run`. Processing untrusted, attacker-controlled documents through a complex office suite for conversion or validation exposes the system to potential vulnerabilities and memory corruption bugs within the office suite's parser.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted XML content from office files.
  - Ingestion points: Document extraction in `ooxml/scripts/unpack.py`.
  - Boundary markers: Absent in XML processing.
  - Capability inventory: Arbitrary file writes and subprocess execution.
  - Sanitization: While `defusedxml` is used in some scripts, `ooxml/scripts/validation/docx.py` uses standard `lxml.etree.parse`, which may be vulnerable to XXE depending on the environment configuration.
Recommendations
- AI detected serious security threats
Audit Metadata