pptx
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): Vulnerability to 'Zip Slip' path traversal in
ooxml/scripts/unpack.pyandooxml/scripts/validation/docx.py. The scripts usezipfile.ZipFile.extractall()on untrusted input files without validating the paths of the members within the archive. An attacker could craft a malicious Office document containing file entries with '..' path segments to overwrite sensitive files outside the intended extraction directory. - [COMMAND_EXECUTION] (MEDIUM): The script
ooxml/scripts/pack.pyusessubprocess.runto call thesofficebinary for document validation. While it uses an argument list to prevent shell injection, executing a complex external utility on untrusted data remains a significant security risk. - [DATA_EXFILTRATION] (SAFE): No hardcoded credentials or unauthorized network operations were detected.
- [PROMPT_INJECTION] (SAFE): No instructions targeting agent behavior or safety filter bypass were found.
Recommendations
- AI detected serious security threats
Audit Metadata