docx
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The script `ooxml/scripts/pack.py` uses `subprocess.run` to call `soffice` (LibreOffice). This creates a risk of command exploitation or interaction with a complex external tool using agent-controlled files.
- PROMPT_INJECTION (HIGH): The skill possesses a significant Indirect Prompt Injection surface (Category 8) as its core function is to process external documents.
  - Ingestion points: `ooxml/scripts/unpack.py` extracts and reads content from user-provided `.docx`, `.pptx`, and `.xlsx` files.
  - Boundary markers: None detected. The skill does not use delimiters or instructions to ignore instructions embedded within the document XML.
  - Capability inventory: Broad file system access via `extractall` and external command execution via `subprocess.run` in `pack.py`.
  - Sanitization: The `extractall` method in `ooxml/scripts/unpack.py` is vulnerable to Zip Slip, which can overwrite files outside the target directory. Additionally, `lxml.etree` in `ooxml/scripts/validation/docx.py` is used without explicit protections against XXE (XML External Entity) attacks.
Recommendations
- AI detected serious security threats