docx
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): Vulnerability to Path Traversal (Zip Slip). The file `ooxml/scripts/unpack.py` uses `zipfile.ZipFile(input_file).extractall(output_path)` on user-provided Office documents. A malicious archive containing filenames with `../` sequences can overwrite arbitrary files on the local filesystem outside the intended directory.
- [DATA_EXFILTRATION] (HIGH): Potential XML External Entity (XXE) vulnerability. In `ooxml/scripts/validation/docx.py`, `lxml.etree.parse` is used to process XML content from the document without explicitly disabling entity resolution or DTD loading. This could allow an attacker to read local files or perform Server-Side Request Forgery (SSRF).
- [COMMAND_EXECUTION] (MEDIUM): Subprocess execution of `soffice`. The script `ooxml/scripts/pack.py` executes the `soffice` (LibreOffice) binary to validate documents. Processing complex, attacker-controlled file formats through a large office suite increases the risk of exploiting vulnerabilities in the conversion engine.
- [Indirect Prompt Injection] (HIGH): High-risk ingestion surface with significant capabilities.
  - Ingestion points: `ooxml/scripts/unpack.py` (Office file extraction).
  - Boundary markers: Absent. The skill does not delimit or warn the agent about untrusted content within the XML files.
  - Capability inventory: `subprocess.run(['soffice', ...])` in `ooxml/scripts/pack.py`, arbitrary file writes in `ooxml/scripts/unpack.py`, and file reading in `ooxml/scripts/validation/docx.py`.
  - Sanitization: Absent. There is no validation of zip entry paths or XML structure for malicious entities.
Recommendations
- AI detected serious security threats