docx
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The script 'ooxml/scripts/pack.py' utilizes 'subprocess.run' to execute 'soffice' (LibreOffice) for the purpose of document validation. While this is a core feature of the skill, it involves spawning an external process with file paths provided through command-line arguments.
- EXTERNAL_DOWNLOADS (LOW): Several XSD schema files within the 'ooxml/schemas/' directory, such as 'ooxml/schemas/ecma/fouth-edition/opc-coreProperties.xsd', contain references to external schema locations (e.g., 'dublincore.org'). These are standard metadata references in XML schemas and do not represent active script or package downloads.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection through its document processing logic, specifically a 'Zip Slip' vulnerability.
- Ingestion points: Office documents processed in 'ooxml/scripts/unpack.py' and 'ooxml/scripts/validation/docx.py'.
- Boundary markers: None. There are no delimiters or warnings to ignore embedded instructions in the processed data.
- Capability inventory: The skill can perform file system writes via 'zipfile.extractall' and command execution via 'soffice'.
- Sanitization: None. The 'unpack.py' script uses 'zipfile.ZipFile.extractall()' without validating the member filenames, which allows a maliciously crafted document to perform directory traversal and write files outside the intended directory.
Audit Metadata