pptx
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (HIGH): In
ooxml/scripts/unpack.py, the functionzipfile.ZipFile(input_file).extractall(output_path)is called on user-provided Office documents without path validation. This is a Zip Slip vulnerability where a malicious archive with directory traversal paths (e.g.,../../target) can overwrite sensitive system files.\n- PROMPT_INJECTION (HIGH): The skill exhibits a Category 8 (Indirect Prompt Injection) vulnerability based on its data handling capabilities.\n - Ingestion points: Office documents (.docx, .pptx, .xlsx) are unpacked and parsed in
ooxml/scripts/unpack.pyandscripts/rearrange.py.\n - Boundary markers: None identified; untrusted XML data is processed without delimiters.\n
- Capability inventory: Includes arbitrary file writes via
extractalland system command execution viasofficeinooxml/scripts/pack.py.\n - Sanitization: While
defusedxmlis used for XML parsing, no sanitization is performed on zip file entry paths or content passed to LibreOffice.\n- COMMAND_EXECUTION (MEDIUM): Inooxml/scripts/pack.py, the skill invokessoffice(LibreOffice) viasubprocess.run. Processing untrusted documents through high-complexity office software is a risk for remote code execution via parser exploits.\n- EXTERNAL_DOWNLOADS (LOW): The skill depends on the system binarysoffice, which is an external dependency that increases the overall attack surface.
Recommendations
- AI detected serious security threats
Audit Metadata