pptx
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The
pack.pyscript executessoffice(LibreOffice/OpenOffice) viasubprocess.runto validate document integrity after repacking. This is implemented securely by passing arguments as a list and avoidingshell=True, which prevents command injection vulnerabilities.\n- DATA_EXFILTRATION (SAFE): The skill handles XML data usingdefusedxmlinpack.pyandunpack.py, mitigating risks from XML External Entity (XXE) and recursive entity expansion (Billion Laughs) attacks. Whiledocx.pyuseslxml, the overall design indicates a strong emphasis on secure file processing in a document-handling context.\n- REMOTE_CODE_EXECUTION (SAFE): No remote code execution patterns, external script downloads, or dynamic execution of untrusted input were detected. The skill relies on established libraries and standard system utilities for its document processing tasks.
Audit Metadata